US6247026B1 - Method, apparatus, and product for leasing of delegation certificates in a distributed system - Google Patents
Method, apparatus, and product for leasing of delegation certificates in a distributed system Download PDFInfo
- Publication number
- US6247026B1 US6247026B1 US09/044,838 US4483898A US6247026B1 US 6247026 B1 US6247026 B1 US 6247026B1 US 4483898 A US4483898 A US 4483898A US 6247026 B1 US6247026 B1 US 6247026B1
- Authority
- US
- United States
- Prior art keywords
- client
- resource
- lease
- delegator
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/42—Loop networks
- H04L12/427—Loop networks with decentralised control
- H04L12/433—Loop networks with decentralised control with asynchronous transmission, e.g. token ring, register insertion
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/0223—User address space allocation, e.g. contiguous or non contiguous base addressing
- G06F12/023—Free address space management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/0223—User address space allocation, e.g. contiguous or non contiguous base addressing
- G06F12/023—Free address space management
- G06F12/0253—Garbage collection, i.e. reclamation of unreferenced memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/0223—User address space allocation, e.g. contiguous or non contiguous base addressing
- G06F12/023—Free address space management
- G06F12/0253—Garbage collection, i.e. reclamation of unreferenced memory
- G06F12/0261—Garbage collection, i.e. reclamation of unreferenced memory using reference counting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/289—Object oriented databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4411—Configuring for operating with peripheral devices; Loading of device drivers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/465—Distributed object oriented systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/468—Specific access rights for resources, e.g. using capability register
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5061—Partitioning or combining of resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/547—Remote procedure calls [RPC]; Web services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/547—Remote procedure calls [RPC]; Web services
- G06F9/548—Object oriented; Remote method invocation [RMI]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2209/00—Indexing scheme relating to G06F9/00
- G06F2209/46—Indexing scheme relating to G06F9/46
- G06F2209/462—Lookup
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/24—Negotiation of communication capabilities
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/99931—Database or file accessing
- Y10S707/99939—Privileged access
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/99951—File or database maintenance
- Y10S707/99952—Coherency, e.g. same view to multiple users
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/99951—File or database maintenance
- Y10S707/99952—Coherency, e.g. same view to multiple users
- Y10S707/99953—Recoverability
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/99951—File or database maintenance
- Y10S707/99956—File allocation
- Y10S707/99957—Garbage collection
Definitions
- This invention generally relates to data processing systems and, more particularly, to leasing delegation certificates in data processing systems.
- resource management involves allocating resources (e.g., memory) in response to requests as well as deallocating resources at appropriate times, for example, when the requesters no longer require the resources.
- resources e.g., memory
- deallocating resources at appropriate times, for example, when the requesters no longer require the resources.
- the resources contain data referenced by computational entities (e.g., applications, programs, applets, etc.) executing in the computers.
- each resource has a unique “handle” by which the resource can be referenced.
- the handle may be implemented in various ways, such as an address, array index, unique value, pointer, etc.
- Resource management is relatively simple for a single computer because the events indicating when resources can be reclaimed, such as when applications no longer refer to them or after a power failure, are easy to determine. Resource management for distributed systems connecting multiple computers is more difficult because applications in several different computers may be using the same resource.
- Disconnects in distributed systems can lead to the improper and premature reclamation of resources or to the failure to reclaim resources.
- multiple applications operating on different computers in a distributed system may refer to resources located on other machines. If connections between the computers on which resources are located and the applications referring to those resources are interrupted, then the computers may reclaim the resources prematurely. Alternatively, the computers may maintain the resources in perpetuity, despite the extended period of time that applications failed to access the resources.
- distributed garbage collection a facility provided by a language or runtime system for distributed systems that automatically manages resources used by an application or group of applications running on different computers in a network.
- garbage collection uses the notion that resources can be freed for future use when they are no longer referenced by any part of an application.
- Distributed garbage collection extends this notion to the realm of distributed computing, reclaiming resources when no application on any computer refers to them.
- Distributed garbage collection must maintain integrity between allocated resources and the references to those resources. In other words, the system must not be permitted to deallocate or free a resource when an application running on any computer in the network continues to refer to that resource.
- This reference-to-resource binding referred to as “referential integrity,” does not guarantee that the reference will always grant access to the resource to which it refers. For example, network failures can make such access impossible.
- the integrity guarantees that if the reference can be used to gain access to any resource, it will be the same resource to which the reference was first given.
- Referential integrity failures and memory leaks often result from disconnections between applications referencing the resources and the garbage collection system managing the allocation and deallocation of those resources. For example, a disconnection in a network connection between an application referring to a resource and a garbage collection system managing that resource may prevent the garbage collection system from determining whether and when to reclaim the resource. Alternatively, the garbage collection system might mistakenly determine that, since an application has not accessed a resource within a predetermined time, it may collect that resource.
- a number of techniques have been used to improve the distributed garbage collection mechanism by attempting to ensure that such mechanisms maintain referential integrity without memory leaks.
- One conventional approach uses a form of reference counting, in which a count is maintained of the number of applications referring to each resource.
- the garbage collection system may reclaim the resource.
- Such a reference counting scheme only works, however, if the resource is created with a corresponding reference counter.
- the garbage collection system in this case increments the resource's reference count as additional applications refer to the resource, and decrements the count when an application no longer refers to the resource.
- some conventional reference counting schemes include “keep-alive” messages, which are also referred to as “ping back.”
- applications in the network send messages to the garbage collection system overseeing resources and indicate that the applications can still communicate. These messages prevent the garbage collection system from dropping references to resources. Failure to receive such a “keep-alive” message indicates that the garbage collection system can decrement the reference count for a resource and, thus, when the count reaches zero, the garbage collection system may reclaim the resource. This, however, can still result in the premature reclamation of resources following reference counts reaching zero from a failure to receive “keep-alive” messages because of network failures. This violates the referential integrity requirement.
- Another proposed method for resolving referential integrity problems in garbage collection systems is to maintain not only a reference count but also an identifier corresponding to each computational entity referring to a resource. See A. Birrell, et al., “Distributed Garbage Collection for Network Objects,” No. 116, digital Systems Research Center, Dec. 15, 1993. This method suffers from the same problems as the reference counting schemes. Further, this method requires the addition of unique identifiers for each computational entity referring to each resource, adding overhead that would unnecessarily increase communication within distributed systems and add storage requirements (i.e., the list of identifiers corresponding to applications referring to each resource).
- referential integrity is guaranteed without costly memory leaks by leasing resources for a period of time during which the parties in a distributed system, for example, an application holding a reference to a resource and the garbage collection system managing that resource, agree that the resource and a reference to that resource will be guaranteed. At the end of the lease period, the guarantee that the reference to the resource will continue lapses, allowing the garbage collection system to reclaim the resource. Because the application holding the reference to the resource and the garbage collection system managing the resource agree to a finite guaranteed lease period, both can know when the lease and, therefore, the guarantee, expires. This guarantees referential integrity for the duration of a reference lease and avoids the concern of failing to free the resource because of network errors.
- the leasing technique can be applied to delegation certificates.
- a method for leasing delegation certificates comprises the steps of receiving a lease request from a client specifying a resource and a lease period, determining a lease period during which the client has authority to request from a server access to the resource, advising the client of the granted lease period, granting the client a delegation certificate which the client can use to access the resource from the server.
- FIG. 1 is a flow diagram of the steps performed by the application call processor according to an implementation of the present invention
- FIG. 2 is a flow diagram of the steps performed by the server call processor to process dirty calls according to the implementation of the present invention
- FIG. 3 is a flow diagram of the steps performed by the server call processor to process clean calls according to the implementation of the present invention
- FIG. 4 is a flow diagram of the steps performed by the server call processor to initiate a garbage collection process according to the implementation of the present invention.
- FIG. 5 is a diagram of a preferred flow of calls within a distributed processing system
- FIG. 6 is a block diagram of the components of the implementation of a method invocation service according to the present invention.
- FIG. 7 is a diagram of a distributed processing system that can be used in an implementation of the present invention.
- FIG. 8 is a diagram of the individual software components in the platforms of the distributed processing system according to the implementation of the present invention.
- FIG. 9 is a diagram of a data processing system for leasing delegation certificates in a distributed processing system that can be used in an alternative embodiment of the present invention.
- FIG. 10 is a flow diagram of the steps performed by the delegator process when another process (potential delegatee) requests a lease according to an alternative embodiment of the present invention.
- FIG. 11 A and FIG. 11B represent a flow diagram of the steps performed by a process (potential delegatee) when requesting a lease from the delegator process according to an alternative embodiment of the present invention.
- FIG. 12 is a flow diagram of the steps performed by the server when a delegatee requests access to a resource according to an alternative embodiment of the present invention.
- the present invention may be implemented by computers organized in a conventional distributed processing system architecture.
- the architecture for and procedures to implement this invention are not conventional, because they provide a distributed garbage collection scheme that ensures referential integrity and eliminates memory leaks.
- a method invocation (MI) component located in each of the computers in the distributed processing system implements the distributed garbage collection scheme of this invention.
- the MI component may consist of a number of software modules preferably written in the JAVATM programming language.
- an application in the distributed processing system obtains a reference to a distributed resource, by a name lookup, as a return value to some other call, or another method, and seeks to access the resource, the application makes a call to the resource or to an MI component managing the resource. That MI component, called a managing MI component, keeps track of the number of outstanding references to the resource. When the number of references to a reference is zero, the managing MI component can reclaim the resource.
- the count of the number of references to a resource is generally called the “reference count” and the call that increments the reference count may be referred to as a “dirty call.”
- a dirty call can include a requested time interval, called a lease period, for the reference to the resource.
- the managing MI component Upon receipt of the dirty call, the managing MI component sends a return call indicating a period for which the lease was granted.
- the managing MI component thus tracks the lease period for those references as well as the number of outstanding references. Consequently, when the reference count for a resource goes to zero or when the lease period for the resource expires, the managing MI component can reclaim the resource.
- An application call processor in an MI component performs the steps of the application call procedure 100 illustrated in FIG. 1 .
- the server call processor in the managing MI component performs the steps of the procedures 200 , 300 , and 400 illustrated in FIGS. 2-4, respectively.
- the managing MI component's garbage collector performs conventional procedures to reclaim resources previously bound to references in accordance with instructions from the server call processor. Accordingly, the conventional procedures of the garbage collector will not be explained.
- FIG. 1 is a flow diagram of the procedure 100 that the application call processor of the MI component uses to handle application requests for references to resources managed by the same or another MI component located in the distributed processing system.
- the application call processor sends a dirty call, including the resource's reference and a requested lease period to the managing MI component for the resource (step 110 ).
- the dirty call may be directed to the resource itself or to the managing MI component.
- the application call processor then waits for and receives a return call from the managing MI component (step 120 ).
- the return call includes a granted lease period during which the managing MI component guarantees that the reference of the dirty call will be bound to its resource. In other words, the managing MI component agrees not to collect the resource corresponding to the reference of a dirty call for the grant period. If the managing MI component does not provide a grant period, or rejects the request for a lease, then the application call processor will have to send another dirty call until it receives a grant period.
- the application call processor monitors the application's use of the reference and, either when the application explicitly informs the application call processor that the reference is no longer required or when the application call processor makes this determination on its own (step 130 ), the application call processor sends a clean call to the managing MI component (step 140 ). In a manner similar to the method used for dirty calls, the clean call may be directed to the referenced resource and the managing MI component will process the clean call. Subsequently, the application call processor eliminates the reference from a list of references being used by the application (step 150 ).
- step 130 If the application is not yet done with the reference (step 130 ), but the application call processor determines that the grant period for the reference is about to expire (step 160 ), then the application call processor repeats steps 110 and 120 to ensure that the reference to the resource is maintained by the managing MI component on behalf of the application.
- the MI component's server call processor performs three main procedures: (1) handling dirty calls; (2) handling incoming clean calls; and (3) initiating a garbage collection cycle to reclaim resources at the appropriate time.
- FIG. 2 is a flow diagram of the procedure 200 that the MI component's server call processor uses to handle requests to reference resources, i.e., dirty calls, that the MI software component manages. These requests come from application call processors of MI components in the distributed processing system, including the application call processor of the same MI component as the server call processor handling requests.
- the server call processor receives a dirty call (step 210 ).
- the server call processor determines an acceptable grant period (step 220 ).
- the grant period may be the same as the requested lease period or some other time period.
- the server call processor determines the appropriate grant period based on a number of conditions including the amount of resource required and the number of other grant periods previously granted for the same resource.
- the server call processor determines that a resource has not yet been allocated for the reference of a dirty call (step 230 ).
- the server call processor allocates the required resource (step 240 ).
- the server call processor then increments a reference count corresponding to the reference of a dirty call (step 250 ), sets the acceptable grant period for the reference-to-resource binding (step 260 ), and sends a return call to an application call processor with the grant period (step 270 ). In this way, the server call processor controls incoming dirty calls regarding references to resources under its control.
- Applications can extend leases by sending dirty calls with an extension request before current leases expire. As shown in procedure 200 , a request to extend a lease is treated just like an initial request for a lease. An extension simply means that the resource will not be reclaimed for some additional interval of time, unless the reference count goes to zero.
- the MI component's server call processor also handles incoming clean calls from application call processors. When an application in the distributed processing system no longer requires a reference to a resource, it informs the MI component managing the resource for that reference so that the resource may be reclaimed for reuse.
- FIG. 3 is a flow diagram of the procedure 300 with the steps that the MI component's server call processor uses to handle clean calls.
- the server call processor When the server call processor receives a clean call with a reference to a resource that the MI component manages (step 310 ), the server call processor decrements a corresponding reference count (step 320 ). The clean call may be sent to the resource, with the server call processor monitoring the resource and executing the procedure 300 to process the call. Subsequently, the server call processor sends a return call to the MI component that sent the clean call to acknowledge receipt (step 330 ). In accordance with this implementation of the present invention, a clean call to drop a reference may not be refused, but it must be acknowledged.
- the server call processor also initiates a garbage collection cycle to reclaim resources for which it determines that either no more references are being made to the resource or that the agreed lease period for the resource has expired.
- the procedure 400 shown in FIG. 4 includes a flow diagram of the steps that the server call processor uses to initiate a garbage collection cycle.
- the server call processor monitors reference counts and granted lease periods and determines whether a reference count is zero for a resource managed by the MI component, or the grant period for a reference has expired (step 410 ). When either condition exists, the server call processor initiates garbage collection (step 420 ) of that resource. Otherwise, the server call processor continues monitoring the reference counts and granted lease periods.
- FIG. 5 is a diagram illustrating the flow of calls among MI components within the distributed processing system.
- Managing MI component 525 manages the resources 530 by monitoring the references to those resources 530 (see garbage collect 505 ). Because the managing MI components 525 manages the resources, the server call processor of managing MI component 525 performs the operations of this call flow description.
- FIG. 5 also shows that applications 510 and 540 have corresponding MI components 515 and 545 , respectively.
- Each of the applications 510 and 540 obtains a reference to one of the resources 530 and seeks to obtain access to one of the resources 530 such that a reference is bound to the corresponding resource.
- applications 510 and 540 invoke their corresponding MI components 515 and 545 , respectively, to send dirty calls 551 and 571 , respectively, to the MI component 525 .
- the MI components 515 and 525 handle application requests for access to resources 530 managed by another MI component, such as managing MI component 525 , the application call processors of MI components 515 and 545 perform the operations of this call flow description.
- managing MI component 525 sends return calls 552 and 572 , respectively, to each of the MI components 515 and 545 , respectively.
- the dirty calls include granted lease periods for the references of the dirty calls 551 and 571 .
- FIG. 5 also shows MI components 515 and 545 sending clean calls 561 and 581 , respectively, to managing MI component 525 .
- Clean calls 561 and 581 inform managing MI component 525 that applications 510 and 540 , respectively, no longer require access to the resource specified in the clean calls 561 and 581 .
- Managing MI component 525 responds to clean calls 561 and 581 with return calls 562 and 582 , respectively.
- Return calls 562 and 582 differ from return calls 552 and 572 in that return calls 562 and 582 are simply acknowledgments from MI component 525 of the received clean calls 561 and 581 .
- Both applications 510 and 540 may request access to the same resource.
- application 510 may request access to “RESOURCE(1)” while application 540 was previously granted access to that resource.
- MI component 525 handles this situation by making the resource available to both applications 510 and 540 for agreed lease periods. Thus, MI component 525 will not initiate a garbage collection cycle to reclaim the “RESOURCE(1)” until either applications 510 and 540 have both dropped their references to that resource or the latest agreed periods has expired, whichever event occurs first.
- the present invention also permits an application to access a resource after it sent a clean call to the managing MI component dropping the reference to the resource. This occurs because the resource is still referenced by another application or the reference's lease has not yet expired so the managing MI component 525 has not yet reclaimed the resource. The resource, however, will be reclaimed after a finite period, either when no more applications have leases or when the last lease expires.
- FIG. 6 is a block diagram of the modules of an MI component 600 according to an implementation of the present invention.
- MI component 600 can include a reference component 605 for each reference monitored, application call processor 640 , server call processor 650 , and garbage collector 660 .
- Reference component 605 preferably constitutes a table or comparable structure with reference data portions 610 , reference count 620 , and grant period register 630 .
- MI component 600 uses the reference count 620 and grant period 630 for each reference specified in a corresponding reference data portion 610 to determine when to initiate garbage collector 660 to reclaim the corresponding resource.
- Application call processor 640 is the software module that performs the steps of procedure 100 in FIG. 1 .
- Server call processor 650 is the software module that performs the steps of procedures 200 , 300 , and 400 in FIGS. 2-4.
- Garbage collector 660 is the software module that reclaims resources in response to instructions from the server call processor 650 , as explained above.
- FIG. 7 illustrates a distributed processing system 50 which can be used to implement the present invention.
- distributed processing system 50 contains three independent and heterogeneous platforms 100 , 200 , and 300 connected in a network configuration represented by the network cloud 55 .
- the composition and protocol of the network configuration represented in FIG. 7 by the cloud 55 is not important as long as it allows for communication of the information between platforms 700 , 800 and 900 .
- the use of just three platforms is merely for illustration and does not limit the present invention to the use of a particular number of platforms.
- the specific network architecture is not crucial to this invention. For example, another network architecture that could be used in accordance with this invention would employ one platform as a network controller to which all the other platforms would be connected.
- platforms 700 , 800 and 900 each include a processor 710 , 810 , and 910 respectively, and a memory, 750 , 850 , and 950 , respectively.
- processor 710 , 810 , and 910 Included within each processor 710 , 810 , and 910 , are applications 720 , 820 , and 920 , respectively, operating systems 740 , 840 , and 940 , respectively, and MI components 730 , 830 , and 930 , respectively.
- Applications 720 , 820 , and 920 can be programs that are either previously written and modified to work with the present invention, or that are specially written to take advantage of the services offered by the present invention. Applications 720 , 820 , and 920 invoke operations to be performed in accordance with this invention.
- MI components 730 , 830 , and 930 correspond to the MI component 600 discussed above with reference to FIG. 6 .
- Operating systems 740 , 840 , and 940 are standard operating systems tied to the corresponding processors 710 , 810 , and 910 , respectively.
- the platforms 700 , 800 , and 900 can be heterogeneous.
- platform 700 has an UltraSparc® microprocessor manufactured by Sun Microsystems Corp. as processor 710 and uses a Solaris® operating system 740 .
- Platform 800 has a MIPS microprocessor manufactured by Silicon Graphics Corp. as processor 810 and uses a Unix operating system 840 .
- platform 900 has a Pentium microprocessor manufactured by Intel Corp. as processor 910 and uses a Microsoft Windows 95 operating system 940 .
- the present invention is not so limited and could accommodate homogenous platforms as well.
- Sun, Sun Microsystems, Solaris, Java, and the Sun Logo are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. UltraSparc and all other SPARC trademarks are used under license and are trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
- Memories 750 , 850 , and 950 serve several functions, such as general storage for the associated platform. Another function is to store applications 720 , 820 , and 920 , MI components 730 , 830 , and 930 , and operating systems 740 , 840 , and 940 before execution by the respective processor 710 , 810 , and 910 . In addition, portions of memories 750 , 850 , and 950 may constitute shared memory available to all of the platforms 700 , 800 , and 900 in network 50 .
- the present invention may be implemented using a client/server model.
- the client generates requests, such as the dirty calls and clean calls, and the server responds to requests.
- Each of the MI components 730 , 830 and 930 shown in FIG. 7 preferably includes both client components and server components.
- Platforms 1000 and 1100 contain memories 1050 and 1150 , respectively, and processors 1010 and 1110 , respectively.
- the elements in the platforms 1000 and 1100 function in the same manner as similar elements described above with reference to FIG. 7 .
- processor 1010 executes a client application 1020 and processor 1110 executes a server application 1120 .
- Processors 1010 and 1110 also execute operating systems 1040 and 1140 , respectively, and MI components 1030 and 1130 , respectively.
- MI components 1030 and 1130 each include a server call processor 1031 and 1131 , respectively, an application call processor 1032 and 1132 , respectively, and a garbage collector 1033 and 1133 ,respectively.
- Each of the MI components 1030 and 1130 also contains reference components, including reference data portions 1034 and 1134 , respectively, reference counts 1035 and 1135 , respectively, and grant period registers 1036 and 1136 , respectively, for each reference that the respective MI component 1030 or 1130 monitors.
- Application call processors 1032 and 1132 represent the client service and communicate with server call processors 1031 and 1131 , respectively, which represent the server service. Because platforms 1000 and 1100 contain a server call processor, an application call processor, a garbage collector, and reference components, either platform can act as a client or a server.
- platform 1000 is designated the client platform and platform 1100 is designated as the server platform.
- client application 1020 obtains references to distributed resources and uses MI component 1030 to send dirty calls to the resources managed by MI component 1130 of server platform 1100 .
- server platform 1100 may be executing a server application 1120 .
- Server application 1120 may also use MI component 1130 to send dirty calls, which may be handled by MI component 1130 when the resources of those dirty calls are managed by MI component 1130 .
- server application 1120 may use MI component 1130 to send dirty calls to resources managed by MI component 1030 .
- server call processor 1031 , garbage collector 1033 , and reference count 1035 for MI component 1030 of client platform 1000 are not active and are therefore presented in FIG. 8 as shaded.
- application call processor 1132 of MI component 1130 of the server platform 1100 is shaded because it is also dormant.
- application call processor 1032 sends a dirty call, which server call processor 1131 receives.
- the dirty call includes a requested lease period.
- Server call processor 1131 increments the reference count 1135 for the reference in the dirty call and determines a grant period.
- server call processor 1131 sends a return call to application call processor 1030 with the grant period.
- Application call processor 1032 uses the grant period to update recorded grant period 1035 , and to determine when the resource corresponding to the reference of its dirty call may be reclaimed.
- Server call processor 1131 also monitors the reference counts and grant periods corresponding to references for resources that it manages. When one of its reference counts 1135 is zero, or when the grant period 1135 for a reference has expired, whichever event occurs first, server call processor 1131 may initiate the garbage collector 1133 to reclaim the resource corresponding to the reference that has a reference count of zero or an expired grant period.
- the leased-reference scheme does not require that the clocks on the platforms 1000 and 1100 involved in the protocol be synchronized.
- the scheme merely requires that they have comparable periods of increase. Leases do not expire at a particular time, but rather expire after a specific time interval. As long as there is approximate agreement on the interval, platforms 1000 and 1100 will have approximate agreement on the granted lease period. Further, since the timing for the lease is, in computer terms, fairly long, minor differences in clock rate will have little or no effect.
- the transmission time of the dirty call can affect the protocol. If MI component 1030 holds a lease to reference and waits until just before the lease expires to request a renewal, the lease may expire before the MI component 1130 receives the request. If so, MI component 1130 may reclaim the resource before receiving the renewal request. Thus, when sending dirty calls, the sender should add a time factor to the requested lease period in consideration of transmission time to the platform handling the resource of a dirty call so that renewal dirty calls may be made before the lease period for the resource expires.
- a distributed garbage collection scheme ensures referential integrity and eliminates memory leaks by providing granted lease periods corresponding to references to resources in the distributed processing system such that when the granted lease periods expire, so do the references to the resources.
- the resources may then be collected. Resources may also be collected when they are no longer being referenced by processes in the distributed processing system with reference to counters assigned to the references for the resources.
- the leasing technique relates to garbage collection.
- an alternative embodiment of the present invention as described below, can be used with delegation certificates.
- a delegation certificate allows one actor (“a delegator”) with sufficient privilege to access a resource to delegate its authority to access this resource to another actor (“a delegatee”) who then accesses the resource on behalf of the delegator.
- the delegator may not want to delegate to the delegatee carte blanche permission to access the resource for fear the delegatee may abuse its privilege either intentionally or unintentionally.
- the delegator may want to impose limits on the delegatee's access, such as the type of access permitted or the length of time access is permitted.
- the leasing of delegation certificates allows the delegator to control and limit the delegatee's access, thus providing additional security.
- Delegation certificates can be leased to access various resources, such as files.
- An example of a delegation follows: a delegator may have confidential tax files managed by a file system manager. By prior negotiation, the file system manager will only grant access to these files to the owner, the delegator. However, the owner may need the taxes to be calculated by a tax program, so the owner delegates authority to the tax program, the delegatee, to access the tax files for a limited time, until April 15. Accordingly, the owner grants the tax program permission, via a delegation certificate, to access the files controlled by the file system manager until April 15th. This is accomplished by leasing the delegation certificate to the tax program such that the lease expires on April 15th. If the tax program attempts to access the file after this date, the lease expires and it is prevented from doing so by the file system manager.
- the leasing of delegation certificates allows the owner to control or limit access to the files by the tax program. More specifically, the tax program requests a lease from the owner for access to the files stored with the file system manager for read access until April 15th. If a lease is granted, the owner sends to the tax program a delegation certificate that indicates the tax program is entitled to read-only access to the owner's files.
- the file system manager has the responsibility of authenticating the delegation certificate as well as to determine the type and length of the tax program's access. At no time can the tax program directly change the contents of the delegation certificate. However, the tax program can request the owner to renew the lease (i.e., if the tax program requires additional time to access the file) or to cancel the lease, (i.e., if the tax program's access is completed before the lease period expires).
- the delegation certificate is an object that proves the identity of the delegator and has a set of corresponding rights attached to it.
- the delegation certificate object contains a principal identifier, some means for proving the identification, and a specification of the rights.
- the specification of the rights includes methods for determining the type of access requested and the duration of a lease.
- the object includes methods for canceling a lease and for renewing a lease.
- the methods may generate exceptions that, when accessed, set forth the reason why invocation of the method was unsuccessful.
- the object is an instance of a class that may be extended in many ways to offer more functionality, but the basic class is defined as follows:
- the principal identifier gives the delegatee the appearance of being the delegator when the delegatee communicates with the system manager.
- the integrity of the identification is assured by any number of known authentication methods, such as public-key, challenge-response protocol, or shared secret technology.
- Invoking the access type method provides the type of access the delegator permits. This method can be invoked by whoever has the delegation certificate, either the delegator, the delegatee, or the file system manager. For instance, the delegates will invoke the method to determine what type of access it is permitted to seek from the file system manager. The file system manager will invoke the method to determine what type of access it is permitted to grant. For example, the delegator may deem a particular file as read-only access. In this case, the file system manager will only allow read access for a subsequently granted lease for that particular file. Conversely, an attempt by the delegatee to write to that storage location would not be permitted by the file system manager.
- Invoking the duration method provides the length of the granted lease period. This period represents the most recent lease granted by the delegator.
- the renew method permits the renew of the lease, asking for more time, without having to re-initiate the original lease request.
- Situations where the delegatee may desire to renew the lease include when the original lease proves to be insufficient (i.e., the delegatee requires additional use of the storage location), or when only a partial lease (i.e., less than the requested lease) is granted.
- the renew method can be continually invoked in order to obtain sequential lease periods.
- the renew method cannot be invoked if the delegatee does not have an active lease.
- the renew method has no return value; if the renewal is granted, the new lease period will be reflected in the lease object on which the call was made. If the delegator is unable or unwilling to renew the lease, the reason is set forth in the LeaseDeniedException generated by the renew method.
- the cancel method is invoked when there is still time left on the lease, but the delegatee no longer desires access.
- the cancel method may also be invoked by the delegator if, for instance, it wants to cancel the delegatee's access.
- cancel allows the file, for example, to be reclaimed.
- end of a lease i.e., natural termination occurs
- FIG. 9 depicts a data processing system 9000 suitable for use for by an alternative embodiment of the present invention.
- the data processing system 9000 includes a computer system 9002 connected to the Internet 9004 .
- the computer system 9002 includes a memory 9010 , a secondary storage device 9018 , a central processing unit (CPU) 9024 , an input device 9026 , and a video display 9022 .
- the secondary storage device 9018 further includes a number of files 9020 .
- the memory 9010 further includes a delegator program 9008 , a delegatee program 9010 , and an operating system 9014 containing a file system manager 9016 .
- the file system manager 9016 manages files 9020 on the secondary storage device 9018 .
- the delegates 9010 requests access to a secondary storage device 9018 by requesting a lease from the delegator 9008 .
- the delegator 9008 may either grant or deny the lease as further described below. If the delegator 9008 grants the lease to the delegatee 9010 , the delegatee 9010 then requests access to the secondary storage device 9018 from the file system manager 9016 .
- computer 9000 may contain additional or different components.
- FIG. 10 depicts a flow chart of the steps performed by the delegator 9008 when receiving a lease request from the delegatee 9010 .
- the first step performed by the delegator is to request the delegatee to access a resource, such as a file, on the delegator's behalf (step 10002 ).
- the delegator will receive a lease request from the delegates (step 10004 ).
- This request is a function call that includes a number of parameters including (1) the requested file the delegatee wishes to lease, (2) the desired lease period, and (3) the type of access the delegates desires.
- the requested file parameter contains an indication of the file to be leased.
- the desired lease period contains an amount of time the delegatee wants to utilize the file.
- the type of access requested indicates the type of access the client requested. For example, the delegatee may request read access or write access. To form a valid request, the delegatee request must contain both the file desired and the desired lease. After receiving the request, the delegator examines the parameters to verify the propriety of the request (step 10006 ).
- the delegator determines if the request is, in fact, proper (step 10008 ). For example, the delegator checks if the requested file is a file that the delegator has the ability to lease. Also, the delegator verifies that some lease period is specified. Additionally, the delegator checks if the type of access requested is available. If the delegator determines that the lease request is improper, the delegator generates an exception (step 10010 ) and processing ends.
- the delegator determines a sufficient lease period (step 10012 ). For example, if access to the delegator's tax files are requested, the delegator may grant a lease period up to April 15. Next, the delegator creates a lease object and returns the object to the delegatee (step 10020 ) and processing ends.
- FIGS. 11A and 11B depict a flowchart of the steps performed by the delegatee 9010 when requesting a lease from the delegator 9008 .
- the first step performed by the potential delegatee is to receive a request by the delegatee that entails accessing a file on the delegator's behalf (step 11001 ).
- the delegatee sends a request for a lease to the delegator (step 11002 ). This request is a function call and is described in step 10004 in FIG. 10 .
- the delegatee After sending the request, the delegatee receives a lease object from the delegator (step 11004 ).
- the lease object includes the principal identifier, the authentication method, the access-type method, the lease duration method, the renew method, the cancel method.
- the delegatee by examining the lease object, determines if a lease was granted (step 11006 ). If the delegatee determines that a lease was not granted, the delegatee invokes the exception method (step 11008 ), which allows the delegatee to determine why a lease was not granted. If the delegatee determines that the lease was not granted because of an improper request (step 11010 ), the delegates reconfigures the request (step 11012 ), and processing continues to step 11002 . However, if the delegatee determines that the lease was not granted for reasons other than an improper request, processing ends. Note, the delegator may grant multiple leases to the same file, since it is ultimately the responsibility of the file system manager to referee actual access to the file.
- step 11006 determines that a lease was granted by the delegator, next the delegates requests access to the file from the file system manager, by sending an access request (step 11018 ). Processing then continues to step 11020 in FIG. 11 B.
- the delegatee After the delegatee sends the access request to the file system manager in step 11018 in FIG. 11A, the delegatee determines, by examining the lease object, if the file system manager granted the delegatee access to the file (step 11020 ). If the delegates determines that access was not granted by the file system manager, the delegatee invokes the exception method, contained in the object returned by the file system manager, which allows the delegatee to determine why access was not granted (step 11022 ).
- step 11024 If the delegatee determines that access was not granted because of an improper request (step 11024 ), processing ends. On the other hand, if the request was proper, the delegatee determines if access was not granted because the file system manager allocated the file to another leaseholder (step 11026 ). If the delegatee determines the file is busy, the delegatee waits for a predetermined period of time (step 11028 ) and processing continues to step 11018 in FIG. 11 A. If the delegatee determines that access to the file was denied for some other reason, processing ends.
- step 11020 determines, in step 11020 , that the file system manager granted the delegates access to the file.
- the delegates can access the file (step 11030 ).
- step 11032 determines if it is finished accessing the file (step 11032 ).
- the delegatee determines if the lease expired, (i.e., the lease is no longer active) (step 11034 ). If the lease expired, processing ends and no communication is necessary between the delegatee and the file system manager (i.e., natural termination occurs). Otherwise, if the lease is still active the delegatee invokes the cancel method (step 11036 ). The delegatee accesses the cancel method via the lease object. The cancel method informs the file system manager and the delegator that the delegatee is no longer interested in the file. Accordingly, the cancel method allows the file system manager to reclaim the file for use by other lease holders in an expeditious fashion.
- the lease expired processing ends and no communication is necessary between the delegatee and the file system manager (i.e., natural termination occurs). Otherwise, if the lease is still active the delegatee invokes the cancel method (step 11036 ).
- the delegatee accesses the cancel method via the lease object.
- the cancel method informs the file system manager and the delegator that the delegatee is
- the delegatee determines if the lease is about to expire (step 11038 ). This is achieved by the delegatee comparing the duration of the lease with current time minus the time when the lease was granted. The duration of the lease is found by invoking the duration method. If the lease is not about to expire, the delegatee continues to access the file (step 11030 ).
- step 11040 the delegatee must decide whether or not to renew the lease. If the delegatee chooses to renew the lease, the delegatee invokes the renew method of the lease object. If the renew method is invoked, processing continues to step 11002 in FIG. 11 A. If the delegates does not renew the lease, then processing ends and no communication is necessary between the delegatee and the file system manager (i.e., natural termination occurs).
- FIG. 12 depicts a flow chart of the steps performed by the file system manager 9016 when a delegatee process 9008 requests access to a file.
- the first step performed by the file system manager is to receive an access request by the delegatee (step 1202 ). After receiving the request, the file system manager authenticates the delegatee's identity by invoking the principal identifier method and the authentication method, via the lease object (step 1203 ). If the file system manager determines that the delegatee's lacks the proper identity to access the file (step 1204 ), the file system manager generates an exception (step 1206 ) and processing ends.
- the file system manager determines in step 1204 that the delegatee's identity is authentic, the file system manager invokes the getAccess type method (step 1208 ). By invoking the getAccess type method, the file system manager is able to determine which type of access the delegatee desires. Next, the file system manager determines if the file is available for the type of access requested (step 1210 ). If the file system manager determines that the file is unavailable, the file system manager generates an exception (step 1206 ) and processing ends.
- step 1210 the file system manager invokes the duration method (step 1212 ).
- the file system manager invokes the duration method in order to determine if there is time left on the delegatee's lease. If the file system manager determines that the delegatee's lease is active (step 1214 ), the file system manager grants the delegatee access to the file (step 1218 ). After granting the delegatee access to the file, the file system manager returns to step 1212 .
- step 1214 If the file system manager determines in step 1214 that the lease is not active, the file system manager will reclaim the file (step 1216 ). After reclaiming the file, the file system manager generates an exception (step 1206 ) and processing ends.
Abstract
A method, apparatus, and product for leasing a delegation certificate in a distributed processing system is provided. Consistent with this method, apparatus, and product, a delegatee requests from a delegator access to a resource for a period of time that the delegator has authority to access. Responsive to this request, the delegator determines an appropriate lease period during which time the delegatee has authority to access to the resource.
Description
This is a continuation-in-part of U.S. patent application Ser. No. 08/729,421, filed on Oct. 11, 1996, U.S. Pat. No. 5,832,529, which is incorporated herein by reference.
The following identified U.S. patent applications are relied upon and are incorporated by reference in this application.
Provisional U.S. Patent Application No. 60/076,048, entitled “Distributed Computing System,” filed on Feb. 26, 1998.
U.S. patent application Ser. No. 09/044,923, entitled “Method and System for Leasing Storage,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,834, entitled “Method, Apparatus and Product for Leasing of Group Membership in a Distributed System,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,916, entitled “Methods and Systems For Distributed Failure Detection and Recovery Using Leasing,” U.S. Pat. No. 6,016,500, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,933, entitled “Method for Transporting Behavior in Event Based System,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,919, entitled “Deferred Reconstruction of Objects and Remote Loading for Event Notification in a Distributed System,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,938, entitled “Methods and Apparatus for Remote Method Invocation,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/045,652, entitled “Method and System for Deterministic Hashes to Identify Remote Methods,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,790, entitled “Method and Apparatus for Determining Status of Remote Objects in a Distributed System,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,930, entitled “Downloadable Smart Proxies for Performing Processing Associated with a Remote Procedure Call in a Distributed System,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,917, entitled “Suspension and Continuation of Remote Methods,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,835, entitled “Method and System for Multi-Entry and Multi-Template Matching in a Database,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,839, entitled “Method and System for In-Place Modifications in a Database,” abandoned, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,945, entitled “Method and System for Typesafe Attribute Matching in a Database,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,931, entitled “Dynamic Lookup Service in a Distributed System,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,939, entitled “Apparatus and Method for Providing Downloadable Code for Use in Communicating with a Device in a Distributed System,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,826, entitled “Method and System for Facilitating Access to a Lookup Service,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,932, entitled “Apparatus and Method for Dynamically Verifying Information in a Distributed System,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/030,840, entitled “Method and Apparatus for Dynamic Distributed Computing Over a Network,” and filed on Feb. 26, 1998, pending.
U.S. patent application Ser. No. 09/044,936, entitled “An Interactive Design Tool for Persistent Shared Memory Spaces,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,934, entitled “Polymorphic Token-Based Control,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,915, entitled “Stack-Based Access Control,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,944, entitled “Stack-Based Security Requirements,” pending, and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,837, entitled “Per-Method Designation of Security Requirements,” pending, and filed on the same date herewith.
A. Field of the Invention
This invention generally relates to data processing systems and, more particularly, to leasing delegation certificates in data processing systems.
B. Description of the Related Art
Proper resource management is an important aspect to efficient and effective use of computers. In general, resource management involves allocating resources (e.g., memory) in response to requests as well as deallocating resources at appropriate times, for example, when the requesters no longer require the resources. In general, the resources contain data referenced by computational entities (e.g., applications, programs, applets, etc.) executing in the computers.
In practice, when applications executing on computers seek to refer to resources, the computers must first allocate or designate resources so that the applications can properly refer to them. When the applications no longer refer to a resource, the computers can deallocate or reclaim the resource for reuse. In computers each resource has a unique “handle” by which the resource can be referenced. The handle may be implemented in various ways, such as an address, array index, unique value, pointer, etc.
Resource management is relatively simple for a single computer because the events indicating when resources can be reclaimed, such as when applications no longer refer to them or after a power failure, are easy to determine. Resource management for distributed systems connecting multiple computers is more difficult because applications in several different computers may be using the same resource.
Disconnects in distributed systems can lead to the improper and premature reclamation of resources or to the failure to reclaim resources. For example, multiple applications operating on different computers in a distributed system may refer to resources located on other machines. If connections between the computers on which resources are located and the applications referring to those resources are interrupted, then the computers may reclaim the resources prematurely. Alternatively, the computers may maintain the resources in perpetuity, despite the extended period of time that applications failed to access the resources.
These difficulties have led to the development of systems to manage network resources, one of which is known as “distributed garbage collection.” That term describes a facility provided by a language or runtime system for distributed systems that automatically manages resources used by an application or group of applications running on different computers in a network.
In general, garbage collection uses the notion that resources can be freed for future use when they are no longer referenced by any part of an application. Distributed garbage collection extends this notion to the realm of distributed computing, reclaiming resources when no application on any computer refers to them.
Distributed garbage collection must maintain integrity between allocated resources and the references to those resources. In other words, the system must not be permitted to deallocate or free a resource when an application running on any computer in the network continues to refer to that resource. This reference-to-resource binding, referred to as “referential integrity,” does not guarantee that the reference will always grant access to the resource to which it refers. For example, network failures can make such access impossible. The integrity, however, guarantees that if the reference can be used to gain access to any resource, it will be the same resource to which the reference was first given.
Distributed systems using garbage collection must also reclaim resources no longer being referenced at some time in the finite future. In other words, the system must provide a guarantee against “memory leaks.” A memory leak can occur when all applications drop references to a resource, but the system fails to reclaim the resource for reuse because, for example, of an incorrect determination that some application still refers to the resource.
Referential integrity failures and memory leaks often result from disconnections between applications referencing the resources and the garbage collection system managing the allocation and deallocation of those resources. For example, a disconnection in a network connection between an application referring to a resource and a garbage collection system managing that resource may prevent the garbage collection system from determining whether and when to reclaim the resource. Alternatively, the garbage collection system might mistakenly determine that, since an application has not accessed a resource within a predetermined time, it may collect that resource. A number of techniques have been used to improve the distributed garbage collection mechanism by attempting to ensure that such mechanisms maintain referential integrity without memory leaks. One conventional approach uses a form of reference counting, in which a count is maintained of the number of applications referring to each resource. When a resource's count goes to zero, the garbage collection system may reclaim the resource. Such a reference counting scheme only works, however, if the resource is created with a corresponding reference counter. The garbage collection system in this case increments the resource's reference count as additional applications refer to the resource, and decrements the count when an application no longer refers to the resource.
Reference counting schemes, however, especially encounter problems in the face of failures that can occur in distributed systems. Such failures can take the form of a computer or application failure or network failure that prevent the delivery of messages notifying the garbage collection system that a resource is no longer being referenced. If messages go undelivered because of a network disconnect, the garbage collection system does not know when to reclaim the resource.
To prevent such failures, some conventional reference counting schemes include “keep-alive” messages, which are also referred to as “ping back.” According to this scheme, applications in the network send messages to the garbage collection system overseeing resources and indicate that the applications can still communicate. These messages prevent the garbage collection system from dropping references to resources. Failure to receive such a “keep-alive” message indicates that the garbage collection system can decrement the reference count for a resource and, thus, when the count reaches zero, the garbage collection system may reclaim the resource. This, however, can still result in the premature reclamation of resources following reference counts reaching zero from a failure to receive “keep-alive” messages because of network failures. This violates the referential integrity requirement.
Another proposed method for resolving referential integrity problems in garbage collection systems is to maintain not only a reference count but also an identifier corresponding to each computational entity referring to a resource. See A. Birrell, et al., “Distributed Garbage Collection for Network Objects,” No. 116, digital Systems Research Center, Dec. 15, 1993. This method suffers from the same problems as the reference counting schemes. Further, this method requires the addition of unique identifiers for each computational entity referring to each resource, adding overhead that would unnecessarily increase communication within distributed systems and add storage requirements (i.e., the list of identifiers corresponding to applications referring to each resource).
In accordance with the present invention, referential integrity is guaranteed without costly memory leaks by leasing resources for a period of time during which the parties in a distributed system, for example, an application holding a reference to a resource and the garbage collection system managing that resource, agree that the resource and a reference to that resource will be guaranteed. At the end of the lease period, the guarantee that the reference to the resource will continue lapses, allowing the garbage collection system to reclaim the resource. Because the application holding the reference to the resource and the garbage collection system managing the resource agree to a finite guaranteed lease period, both can know when the lease and, therefore, the guarantee, expires. This guarantees referential integrity for the duration of a reference lease and avoids the concern of failing to free the resource because of network errors. In addition to memory, the leasing technique can be applied to delegation certificates.
Consistent with an alternative embodiment of the present invention, as embodied and broadly described herein, a method for leasing delegation certificates is provided. This method comprises the steps of receiving a lease request from a client specifying a resource and a lease period, determining a lease period during which the client has authority to request from a server access to the resource, advising the client of the granted lease period, granting the client a delegation certificate which the client can use to access the resource from the server.
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the advantages and principles of the invention. In the drawings,
FIG. 1 is a flow diagram of the steps performed by the application call processor according to an implementation of the present invention;
FIG. 2 is a flow diagram of the steps performed by the server call processor to process dirty calls according to the implementation of the present invention;
FIG. 3 is a flow diagram of the steps performed by the server call processor to process clean calls according to the implementation of the present invention;
FIG. 4 is a flow diagram of the steps performed by the server call processor to initiate a garbage collection process according to the implementation of the present invention.
FIG. 5 is a diagram of a preferred flow of calls within a distributed processing system;
FIG. 6 is a block diagram of the components of the implementation of a method invocation service according to the present invention;
FIG. 7 is a diagram of a distributed processing system that can be used in an implementation of the present invention; and
FIG. 8 is a diagram of the individual software components in the platforms of the distributed processing system according to the implementation of the present invention.
FIG. 9 is a diagram of a data processing system for leasing delegation certificates in a distributed processing system that can be used in an alternative embodiment of the present invention; and
FIG. 10 is a flow diagram of the steps performed by the delegator process when another process (potential delegatee) requests a lease according to an alternative embodiment of the present invention; and
FIG. 11A and FIG. 11B represent a flow diagram of the steps performed by a process (potential delegatee) when requesting a lease from the delegator process according to an alternative embodiment of the present invention; and
FIG. 12 is a flow diagram of the steps performed by the server when a delegatee requests access to a resource according to an alternative embodiment of the present invention.
Reference will now be made in detail to an implementation of the present invention as illustrated in the accompanying drawings. Wherever possible, the same reference numbers will be used throughout the drawings and the following description to refer to the same or like parts.
The present invention may be implemented by computers organized in a conventional distributed processing system architecture. The architecture for and procedures to implement this invention, however, are not conventional, because they provide a distributed garbage collection scheme that ensures referential integrity and eliminates memory leaks.
A. Overview
A method invocation (MI) component located in each of the computers in the distributed processing system implements the distributed garbage collection scheme of this invention. The MI component may consist of a number of software modules preferably written in the JAVA™ programming language.
In general, whenever an application in the distributed processing system obtains a reference to a distributed resource, by a name lookup, as a return value to some other call, or another method, and seeks to access the resource, the application makes a call to the resource or to an MI component managing the resource. That MI component, called a managing MI component, keeps track of the number of outstanding references to the resource. When the number of references to a reference is zero, the managing MI component can reclaim the resource. The count of the number of references to a resource is generally called the “reference count” and the call that increments the reference count may be referred to as a “dirty call.”
When an application no longer requires a distributed resource, it sends a different call to the resource or the managing MI component. Upon receipt of this call, the managing MI component decrements the reference count for the resource. This call to drop a reference may be referred to as a “clean call.”
In accordance with an implementation of the present invention, a dirty call can include a requested time interval, called a lease period, for the reference to the resource. Upon receipt of the dirty call, the managing MI component sends a return call indicating a period for which the lease was granted. The managing MI component thus tracks the lease period for those references as well as the number of outstanding references. Consequently, when the reference count for a resource goes to zero or when the lease period for the resource expires, the managing MI component can reclaim the resource.
B. Procedure
An application call processor in an MI component performs the steps of the application call procedure 100 illustrated in FIG. 1. The server call processor in the managing MI component performs the steps of the procedures 200, 300, and 400 illustrated in FIGS. 2-4, respectively. The managing MI component's garbage collector performs conventional procedures to reclaim resources previously bound to references in accordance with instructions from the server call processor. Accordingly, the conventional procedures of the garbage collector will not be explained.
1. Application Call Processor
FIG. 1 is a flow diagram of the procedure 100 that the application call processor of the MI component uses to handle application requests for references to resources managed by the same or another MI component located in the distributed processing system.
After an application has obtained a reference to a resource, the application call processor sends a dirty call, including the resource's reference and a requested lease period to the managing MI component for the resource (step 110). The dirty call may be directed to the resource itself or to the managing MI component.
The application call processor then waits for and receives a return call from the managing MI component (step 120). The return call includes a granted lease period during which the managing MI component guarantees that the reference of the dirty call will be bound to its resource. In other words, the managing MI component agrees not to collect the resource corresponding to the reference of a dirty call for the grant period. If the managing MI component does not provide a grant period, or rejects the request for a lease, then the application call processor will have to send another dirty call until it receives a grant period.
The application call processor monitors the application's use of the reference and, either when the application explicitly informs the application call processor that the reference is no longer required or when the application call processor makes this determination on its own (step 130), the application call processor sends a clean call to the managing MI component (step 140). In a manner similar to the method used for dirty calls, the clean call may be directed to the referenced resource and the managing MI component will process the clean call. Subsequently, the application call processor eliminates the reference from a list of references being used by the application (step 150).
If the application is not yet done with the reference (step 130), but the application call processor determines that the grant period for the reference is about to expire (step 160), then the application call processor repeats steps 110 and 120 to ensure that the reference to the resource is maintained by the managing MI component on behalf of the application.
2. Server Call Processor
The MI component's server call processor performs three main procedures: (1) handling dirty calls; (2) handling incoming clean calls; and (3) initiating a garbage collection cycle to reclaim resources at the appropriate time.
(i) Dirty Calls
FIG. 2 is a flow diagram of the procedure 200 that the MI component's server call processor uses to handle requests to reference resources, i.e., dirty calls, that the MI software component manages. These requests come from application call processors of MI components in the distributed processing system, including the application call processor of the same MI component as the server call processor handling requests.
First, the server call processor receives a dirty call (step 210). The server call processor then determines an acceptable grant period (step 220). The grant period may be the same as the requested lease period or some other time period. The server call processor determines the appropriate grant period based on a number of conditions including the amount of resource required and the number of other grant periods previously granted for the same resource.
When the server call processor determines that a resource has not yet been allocated for the reference of a dirty call (step 230), the server call processor allocates the required resource (step 240).
The server call processor then increments a reference count corresponding to the reference of a dirty call (step 250), sets the acceptable grant period for the reference-to-resource binding (step 260), and sends a return call to an application call processor with the grant period (step 270). In this way, the server call processor controls incoming dirty calls regarding references to resources under its control.
Applications can extend leases by sending dirty calls with an extension request before current leases expire. As shown in procedure 200, a request to extend a lease is treated just like an initial request for a lease. An extension simply means that the resource will not be reclaimed for some additional interval of time, unless the reference count goes to zero.
(ii) Clean Calls
The MI component's server call processor also handles incoming clean calls from application call processors. When an application in the distributed processing system no longer requires a reference to a resource, it informs the MI component managing the resource for that reference so that the resource may be reclaimed for reuse. FIG. 3 is a flow diagram of the procedure 300 with the steps that the MI component's server call processor uses to handle clean calls.
When the server call processor receives a clean call with a reference to a resource that the MI component manages (step 310), the server call processor decrements a corresponding reference count (step 320). The clean call may be sent to the resource, with the server call processor monitoring the resource and executing the procedure 300 to process the call. Subsequently, the server call processor sends a return call to the MI component that sent the clean call to acknowledge receipt (step 330). In accordance with this implementation of the present invention, a clean call to drop a reference may not be refused, but it must be acknowledged.
(iii) Garbage Collection
The server call processor also initiates a garbage collection cycle to reclaim resources for which it determines that either no more references are being made to the resource or that the agreed lease period for the resource has expired. The procedure 400 shown in FIG. 4 includes a flow diagram of the steps that the server call processor uses to initiate a garbage collection cycle.
The server call processor monitors reference counts and granted lease periods and determines whether a reference count is zero for a resource managed by the MI component, or the grant period for a reference has expired (step 410). When either condition exists, the server call processor initiates garbage collection (step 420) of that resource. Otherwise, the server call processor continues monitoring the reference counts and granted lease periods.
C. Call Flow
FIG. 5 is a diagram illustrating the flow of calls among MI components within the distributed processing system. Managing MI component 525 manages the resources 530 by monitoring the references to those resources 530 (see garbage collect 505). Because the managing MI components 525 manages the resources, the server call processor of managing MI component 525 performs the operations of this call flow description.
FIG. 5 also shows that applications 510 and 540 have corresponding MI components 515 and 545, respectively. Each of the applications 510 and 540 obtains a reference to one of the resources 530 and seeks to obtain access to one of the resources 530 such that a reference is bound to the corresponding resource. To obtain access, applications 510 and 540 invoke their corresponding MI components 515 and 545, respectively, to send dirty calls 551 and 571, respectively, to the MI component 525. Because the MI components 515 and 525 handle application requests for access to resources 530 managed by another MI component, such as managing MI component 525, the application call processors of MI components 515 and 545 perform the operations of this call flow description.
In response to the dirty calls 551 and 571, managing MI component 525 sends return calls 552 and 572, respectively, to each of the MI components 515 and 545, respectively. The dirty calls include granted lease periods for the references of the dirty calls 551 and 571.
Similarly, FIG. 5 also shows MI components 515 and 545 sending clean calls 561 and 581, respectively, to managing MI component 525. Clean calls 561 and 581 inform managing MI component 525 that applications 510 and 540, respectively, no longer require access to the resource specified in the clean calls 561 and 581. Managing MI component 525 responds to clean calls 561 and 581 with return calls 562 and 582, respectively. Return calls 562 and 582 differ from return calls 552 and 572 in that return calls 562 and 582 are simply acknowledgments from MI component 525 of the received clean calls 561 and 581.
Both applications 510 and 540 may request access to the same resource. For example, application 510 may request access to “RESOURCE(1)” while application 540 was previously granted access to that resource. MI component 525 handles this situation by making the resource available to both applications 510 and 540 for agreed lease periods. Thus, MI component 525 will not initiate a garbage collection cycle to reclaim the “RESOURCE(1)” until either applications 510 and 540 have both dropped their references to that resource or the latest agreed periods has expired, whichever event occurs first.
By permitting more than one application to access the same resource simultaneously, the present invention also permits an application to access a resource after it sent a clean call to the managing MI component dropping the reference to the resource. This occurs because the resource is still referenced by another application or the reference's lease has not yet expired so the managing MI component 525 has not yet reclaimed the resource. The resource, however, will be reclaimed after a finite period, either when no more applications have leases or when the last lease expires.
D. MI Components
FIG. 6 is a block diagram of the modules of an MI component 600 according to an implementation of the present invention. MI component 600 can include a reference component 605 for each reference monitored, application call processor 640, server call processor 650, and garbage collector 660.
E. Distributed Processing System
FIG. 7 illustrates a distributed processing system 50 which can be used to implement the present invention. In FIG. 7, distributed processing system 50 contains three independent and heterogeneous platforms 100, 200, and 300 connected in a network configuration represented by the network cloud 55. The composition and protocol of the network configuration represented in FIG. 7 by the cloud 55 is not important as long as it allows for communication of the information between platforms 700, 800 and 900. In addition, the use of just three platforms is merely for illustration and does not limit the present invention to the use of a particular number of platforms. Further, the specific network architecture is not crucial to this invention. For example, another network architecture that could be used in accordance with this invention would employ one platform as a network controller to which all the other platforms would be connected.
In the implementation of distributed processing system 50, platforms 700, 800 and 900 each include a processor 710, 810, and 910 respectively, and a memory, 750, 850, and 950, respectively. Included within each processor 710, 810, and 910, are applications 720, 820, and 920, respectively, operating systems 740, 840, and 940, respectively, and MI components 730, 830, and 930, respectively.
Sun, Sun Microsystems, Solaris, Java, and the Sun Logo are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. UltraSparc and all other SPARC trademarks are used under license and are trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
E. MI Services
The present invention may be implemented using a client/server model. The client generates requests, such as the dirty calls and clean calls, and the server responds to requests.
Each of the MI components 730, 830 and 930 shown in FIG. 7 preferably includes both client components and server components. FIG. 8, which is a block diagram of a client platform 1000 and a server platform 1100, applies to any two of the platforms 700, 800, and 900 in FIG. 7.
For purposes of the discussion that follows, however, platform 1000 is designated the client platform and platform 1100 is designated as the server platform. In this example, client application 1020 obtains references to distributed resources and uses MI component 1030 to send dirty calls to the resources managed by MI component 1130 of server platform 1100.
Additionally, server platform 1100 may be executing a server application 1120. Server application 1120 may also use MI component 1130 to send dirty calls, which may be handled by MI component 1130 when the resources of those dirty calls are managed by MI component 1130. Alternatively, server application 1120 may use MI component 1130 to send dirty calls to resources managed by MI component 1030.
Accordingly, server call processor 1031, garbage collector 1033, and reference count 1035 for MI component 1030 of client platform 1000 are not active and are therefore presented in FIG. 8 as shaded. Likewise, application call processor 1132 of MI component 1130 of the server platform 1100 is shaded because it is also dormant.
When client application 1020 obtains a reference corresponding to a resource, application call processor 1032 sends a dirty call, which server call processor 1131 receives. The dirty call includes a requested lease period. Server call processor 1131 increments the reference count 1135 for the reference in the dirty call and determines a grant period. In response, server call processor 1131 sends a return call to application call processor 1030 with the grant period. Application call processor 1032 uses the grant period to update recorded grant period 1035, and to determine when the resource corresponding to the reference of its dirty call may be reclaimed.
The leased-reference scheme according to the implementation of the present invention does not require that the clocks on the platforms 1000 and 1100 involved in the protocol be synchronized. The scheme merely requires that they have comparable periods of increase. Leases do not expire at a particular time, but rather expire after a specific time interval. As long as there is approximate agreement on the interval, platforms 1000 and 1100 will have approximate agreement on the granted lease period. Further, since the timing for the lease is, in computer terms, fairly long, minor differences in clock rate will have little or no effect.
The transmission time of the dirty call can affect the protocol. If MI component 1030 holds a lease to reference and waits until just before the lease expires to request a renewal, the lease may expire before the MI component 1130 receives the request. If so, MI component 1130 may reclaim the resource before receiving the renewal request. Thus, when sending dirty calls, the sender should add a time factor to the requested lease period in consideration of transmission time to the platform handling the resource of a dirty call so that renewal dirty calls may be made before the lease period for the resource expires.
F. Conclusion
In accordance with the present invention a distributed garbage collection scheme ensures referential integrity and eliminates memory leaks by providing granted lease periods corresponding to references to resources in the distributed processing system such that when the granted lease periods expire, so do the references to the resources. The resources may then be collected. Resources may also be collected when they are no longer being referenced by processes in the distributed processing system with reference to counters assigned to the references for the resources.
The leasing technique, described above, relates to garbage collection. However, an alternative embodiment of the present invention, as described below, can be used with delegation certificates.
A delegation certificate allows one actor (“a delegator”) with sufficient privilege to access a resource to delegate its authority to access this resource to another actor (“a delegatee”) who then accesses the resource on behalf of the delegator.
However, for security purposes, the delegator may not want to delegate to the delegatee carte blanche permission to access the resource for fear the delegatee may abuse its privilege either intentionally or unintentionally. Thus, the delegator may want to impose limits on the delegatee's access, such as the type of access permitted or the length of time access is permitted. The leasing of delegation certificates allows the delegator to control and limit the delegatee's access, thus providing additional security.
Delegation certificates can be leased to access various resources, such as files. An example of a delegation follows: a delegator may have confidential tax files managed by a file system manager. By prior negotiation, the file system manager will only grant access to these files to the owner, the delegator. However, the owner may need the taxes to be calculated by a tax program, so the owner delegates authority to the tax program, the delegatee, to access the tax files for a limited time, until April 15. Accordingly, the owner grants the tax program permission, via a delegation certificate, to access the files controlled by the file system manager until April 15th. This is accomplished by leasing the delegation certificate to the tax program such that the lease expires on April 15th. If the tax program attempts to access the file after this date, the lease expires and it is prevented from doing so by the file system manager.
The leasing of delegation certificates allows the owner to control or limit access to the files by the tax program. More specifically, the tax program requests a lease from the owner for access to the files stored with the file system manager for read access until April 15th. If a lease is granted, the owner sends to the tax program a delegation certificate that indicates the tax program is entitled to read-only access to the owner's files.
The file system manager has the responsibility of authenticating the delegation certificate as well as to determine the type and length of the tax program's access. At no time can the tax program directly change the contents of the delegation certificate. However, the tax program can request the owner to renew the lease (i.e., if the tax program requires additional time to access the file) or to cancel the lease, (i.e., if the tax program's access is completed before the lease period expires).
The delegation certificate is an object that proves the identity of the delegator and has a set of corresponding rights attached to it. In particular, the delegation certificate object contains a principal identifier, some means for proving the identification, and a specification of the rights. The specification of the rights includes methods for determining the type of access requested and the duration of a lease. In addition, the object includes methods for canceling a lease and for renewing a lease. Finally, the methods may generate exceptions that, when accessed, set forth the reason why invocation of the method was unsuccessful.
The object is an instance of a class that may be extended in many ways to offer more functionality, but the basic class is defined as follows:
interface Lease { |
obj FileHandle; |
public void getIdentfier (); | |
public void getAuthentication (); | |
public void getAccesstype (); | |
public long getDuration (); | |
public void renew (long renewDuration) throws |
LeaseDeniedException, | |
UnknownLeaseException, | |
RemoteException; |
public void cancel () throws |
UnknownLeaseException, | |
RemoteException |
} | ||
The principal identifier gives the delegatee the appearance of being the delegator when the delegatee communicates with the system manager. The integrity of the identification is assured by any number of known authentication methods, such as public-key, challenge-response protocol, or shared secret technology.
Invoking the access type method provides the type of access the delegator permits. This method can be invoked by whoever has the delegation certificate, either the delegator, the delegatee, or the file system manager. For instance, the delegates will invoke the method to determine what type of access it is permitted to seek from the file system manager. The file system manager will invoke the method to determine what type of access it is permitted to grant. For example, the delegator may deem a particular file as read-only access. In this case, the file system manager will only allow read access for a subsequently granted lease for that particular file. Conversely, an attempt by the delegatee to write to that storage location would not be permitted by the file system manager.
Invoking the duration method provides the length of the granted lease period. This period represents the most recent lease granted by the delegator.
The renew method permits the renew of the lease, asking for more time, without having to re-initiate the original lease request. Situations where the delegatee may desire to renew the lease include when the original lease proves to be insufficient (i.e., the delegatee requires additional use of the storage location), or when only a partial lease (i.e., less than the requested lease) is granted.
In addition, the renew method can be continually invoked in order to obtain sequential lease periods. The renew method, however, cannot be invoked if the delegatee does not have an active lease. Also, the renew method has no return value; if the renewal is granted, the new lease period will be reflected in the lease object on which the call was made. If the delegator is unable or unwilling to renew the lease, the reason is set forth in the LeaseDeniedException generated by the renew method.
The cancel method is invoked when there is still time left on the lease, but the delegatee no longer desires access. The cancel method may also be invoked by the delegator if, for instance, it wants to cancel the delegatee's access. Thus, cancel allows the file, for example, to be reclaimed. In contrast, upon the end of a lease, (i.e., natural termination occurs), there is no notification obligation by the delegatee.
FIG. 9 depicts a data processing system 9000 suitable for use for by an alternative embodiment of the present invention. The data processing system 9000 includes a computer system 9002 connected to the Internet 9004. The computer system 9002 includes a memory 9010, a secondary storage device 9018, a central processing unit (CPU) 9024, an input device 9026, and a video display 9022. The secondary storage device 9018 further includes a number of files 9020. The memory 9010 further includes a delegator program 9008, a delegatee program 9010, and an operating system 9014 containing a file system manager 9016. The file system manager 9016 manages files 9020 on the secondary storage device 9018. The delegates 9010 requests access to a secondary storage device 9018 by requesting a lease from the delegator 9008. In response, the delegator 9008 may either grant or deny the lease as further described below. If the delegator 9008 grants the lease to the delegatee 9010, the delegatee 9010 then requests access to the secondary storage device 9018 from the file system manager 9016. One skilled in the art will appreciate that computer 9000 may contain additional or different components.
Although aspects of the alternative embodiment are described as being stored in memory 9010, one skilled in the art will appreciate that these aspects may also be stored in other computer readable media, such as secondary storage devices, like hard disks, floppy disks, or CD-ROM; a carrier wave from the Internet 9004; or other forms of RAM or ROM.
FIG. 10 depicts a flow chart of the steps performed by the delegator 9008 when receiving a lease request from the delegatee 9010. The first step performed by the delegator is to request the delegatee to access a resource, such as a file, on the delegator's behalf (step 10002). At some point later, the delegator will receive a lease request from the delegates (step 10004). This request is a function call that includes a number of parameters including (1) the requested file the delegatee wishes to lease, (2) the desired lease period, and (3) the type of access the delegates desires.
The requested file parameter contains an indication of the file to be leased. The desired lease period contains an amount of time the delegatee wants to utilize the file. The type of access requested indicates the type of access the client requested. For example, the delegatee may request read access or write access. To form a valid request, the delegatee request must contain both the file desired and the desired lease. After receiving the request, the delegator examines the parameters to verify the propriety of the request (step 10006).
After examining the parameters, the delegator determines if the request is, in fact, proper (step 10008). For example, the delegator checks if the requested file is a file that the delegator has the ability to lease. Also, the delegator verifies that some lease period is specified. Additionally, the delegator checks if the type of access requested is available. If the delegator determines that the lease request is improper, the delegator generates an exception (step 10010) and processing ends.
If the delegator determines that the lease request is proper, the delegator determines a sufficient lease period (step 10012). For example, if access to the delegator's tax files are requested, the delegator may grant a lease period up to April 15. Next, the delegator creates a lease object and returns the object to the delegatee (step 10020) and processing ends.
FIGS. 11A and 11B depict a flowchart of the steps performed by the delegatee 9010 when requesting a lease from the delegator 9008. The first step performed by the potential delegatee is to receive a request by the delegatee that entails accessing a file on the delegator's behalf (step 11001). At some point later, the delegatee sends a request for a lease to the delegator (step 11002). This request is a function call and is described in step 10004 in FIG. 10.
After sending the request, the delegatee receives a lease object from the delegator (step 11004). The lease object, as described above, includes the principal identifier, the authentication method, the access-type method, the lease duration method, the renew method, the cancel method.
Next, the delegatee, by examining the lease object, determines if a lease was granted (step 11006). If the delegatee determines that a lease was not granted, the delegatee invokes the exception method (step 11008), which allows the delegatee to determine why a lease was not granted. If the delegatee determines that the lease was not granted because of an improper request (step 11010), the delegates reconfigures the request (step 11012), and processing continues to step 11002. However, if the delegatee determines that the lease was not granted for reasons other than an improper request, processing ends. Note, the delegator may grant multiple leases to the same file, since it is ultimately the responsibility of the file system manager to referee actual access to the file.
If the delegatee, in step 11006, determines that a lease was granted by the delegator, next the delegates requests access to the file from the file system manager, by sending an access request (step 11018). Processing then continues to step 11020 in FIG. 11B.
After the delegatee sends the access request to the file system manager in step 11018 in FIG. 11A, the delegatee determines, by examining the lease object, if the file system manager granted the delegatee access to the file (step 11020). If the delegates determines that access was not granted by the file system manager, the delegatee invokes the exception method, contained in the object returned by the file system manager, which allows the delegatee to determine why access was not granted (step 11022).
If the delegatee determines that access was not granted because of an improper request (step 11024), processing ends. On the other hand, if the request was proper, the delegatee determines if access was not granted because the file system manager allocated the file to another leaseholder (step 11026). If the delegatee determines the file is busy, the delegatee waits for a predetermined period of time (step 11028) and processing continues to step 11018 in FIG. 11A. If the delegatee determines that access to the file was denied for some other reason, processing ends.
If the delegatee determines, in step 11020, that the file system manager granted the delegates access to the file, then the delegates can access the file (step 11030). Next, the delegatee determines if it is finished accessing the file (step 11032).
If the delegatee's use is completed, the delegatee determines if the lease expired, (i.e., the lease is no longer active) (step 11034). If the lease expired, processing ends and no communication is necessary between the delegatee and the file system manager (i.e., natural termination occurs). Otherwise, if the lease is still active the delegatee invokes the cancel method (step 11036). The delegatee accesses the cancel method via the lease object. The cancel method informs the file system manager and the delegator that the delegatee is no longer interested in the file. Accordingly, the cancel method allows the file system manager to reclaim the file for use by other lease holders in an expeditious fashion.
If the delegatee determines in step 11032 that it still desires access to the file, the delegatee determines if the lease is about to expire (step 11038). This is achieved by the delegatee comparing the duration of the lease with current time minus the time when the lease was granted. The duration of the lease is found by invoking the duration method. If the lease is not about to expire, the delegatee continues to access the file (step 11030).
However, if the lease is about to expire in step 11038, the delegatee must decide whether or not to renew the lease (step 11040). If the delegatee chooses to renew the lease, the delegatee invokes the renew method of the lease object. If the renew method is invoked, processing continues to step 11002 in FIG. 11A. If the delegates does not renew the lease, then processing ends and no communication is necessary between the delegatee and the file system manager (i.e., natural termination occurs).
FIG. 12 depicts a flow chart of the steps performed by the file system manager 9016 when a delegatee process 9008 requests access to a file. The first step performed by the file system manager is to receive an access request by the delegatee (step 1202). After receiving the request, the file system manager authenticates the delegatee's identity by invoking the principal identifier method and the authentication method, via the lease object (step 1203). If the file system manager determines that the delegatee's lacks the proper identity to access the file (step 1204), the file system manager generates an exception (step 1206) and processing ends.
If the file system manager determines in step 1204 that the delegatee's identity is authentic, the file system manager invokes the getAccess type method (step 1208). By invoking the getAccess type method, the file system manager is able to determine which type of access the delegatee desires. Next, the file system manager determines if the file is available for the type of access requested (step 1210). If the file system manager determines that the file is unavailable, the file system manager generates an exception (step 1206) and processing ends.
If the file system manager determines, in step 1210, that the file is available, the file system manager invokes the duration method (step 1212). The file system manager invokes the duration method in order to determine if there is time left on the delegatee's lease. If the file system manager determines that the delegatee's lease is active (step 1214), the file system manager grants the delegatee access to the file (step 1218). After granting the delegatee access to the file, the file system manager returns to step 1212.
If the file system manager determines in step 1214 that the lease is not active, the file system manager will reclaim the file (step 1216). After reclaiming the file, the file system manager generates an exception (step 1206) and processing ends.
The foregoing description of an implementation of the invention has been presented for purposes of illustration and description. It is not exhaustive and does not limit the invention to the precise form disclosed. Modifications and variations are possible in light of the above teachings or may be acquired from practicing of the invention. For example, the described implementation includes software but the present invention may be implemented as a combination of hardware and software or in hardware alone. The scope of the invention is defined by the claims and their equivalents.
Claims (46)
1. A method in a processing system, comprising the steps of:
receiving a lease request from a program, the lease request specifying a resource and a requested lease period;
determining a lease period during which the program has authority to access the resource; and
sending to the program a delegation certificate for use by the program to access the resource during the determined lease period.
2. A method for managing a resource in a system that includes a client, a server that manages the resource, and a delegator authorized to use the resource, said method comprising the steps of:
the client receiving from the delegator a lease that delegates to the client use of the resource for a lease period; and
the server providing the client with access to the resource for the lease period.
3. The method of claim 2, wherein the receiving step includes the step of:
requesting by the client a lease from the delegator for using the resource.
4. The method of claim 2, wherein the receiving step includes the step of:
providing by the delegator to the client a delegation certificate that delegates to the client the delegator's authority to use the resource.
5. The method of claim 2, wherein the providing step includes the step of:
identifying an identity of the client by invoking code provided by the delegator to the client.
6. The method of claim 2, wherein the providing step includes the step of:
authenticating an identity of the client by invoking code provided by the delegator to the client.
7. The method of claim 2, wherein the providing step includes the step of:
the client managing the lease by invoking code provided by the delegator to the client.
8. A method for managing a resource in a system that includes a client, a server that manages the resource, and a delegator authorized to use the resource, said method comprising the steps of:
the client requesting from the delegator a lease for using the resource;
the delegator granting the requested lease to the client for a lease period; and
the client using the resource for the lease period.
9. The method of claim 8, wherein the granting step includes the step of:
determining the lease period during which the client is authorized to use the resource.
10. The method of claim 8, wherein the granting step includes the step of:
providing to the client a delegation certificate that authorizes the client to use the resource for the granted lease period.
11. The method of claim 8, wherein the granting step includes the step of:
providing to the client a method for identifying the client as the delegator to the server.
12. The method of claim 8, wherein the granting step includes the step of:
providing to the client a method for use by the server for authenticating identification of the client.
13. The method of claim 12, wherein the providing step includes the step of:
providing to the client an authentication method that uses a public key.
14. The method of claim 12, wherein the providing step includes the step of:
providing to the client an authentication method that uses a challenge-response protocol.
15. The method of claim 12, wherein the providing step includes the step of:
providing to the client an authentication method that uses a shared secret method.
16. The method of claim 8, wherein the granting step includes the step of:
providing to the client a method for determining a type of access to the resource authorized by the delegator.
17. The method of claim 8, wherein the granting step includes the step of:
providing to the client a method for use by the server for determining a type of access that the server grants to the client for using the resource when the client requests from the server access to the resource.
18. The method of claim 8, wherein the granting step includes the step of:
providing to the client a method for use by the server for determining the lease period.
19. The method of claim 8, wherein the granting step includes the step of:
providing to the client a method for canceling the granted lease when the client completes using the resource.
20. The method of claim 8, wherein the granting step includes the step of:
providing to the client a method for renewing the granted lease when the lease period is near expiration.
21. The method of claim 8, wherein the using step includes the step of:
the client requesting from the server access to the resource according to the granted lease.
22. The method of claim 8, further comprising the step of:
reclaiming the resource by the server when the client cancels the granted lease.
23. The method of claim 8, further comprising the step of:
reclaiming the resource by the server when the granted lease expires.
24. The method of claim 8, further comprising the step of:
the delegator requesting from the client to perform a task that requires use of the resource.
25. The method of claim 8, wherein the using step includes the step of:
the client requesting from the server access to the resource.
26. The method of claim 8, wherein the using step includes the step of:
authenticating by the server, based on a delegation certificate provided by the delegator, an identity of the client when the server receives a request from the client to use the resource.
27. The method of claim 8, wherein the using step includes the step of:
the server determining, based on a delegation certificate provided by the delegator, a type of access by the client to the resource.
28. A data processing system, comprising:
a memory including:
a client program containing first code that requests a lease for accessing a resource;
a delegator program having access to the resource and containing second code for granting the lease to the client for a lease period by providing the client program with a delegation certificate; and
a server program containing third code for granting access by the client to the resource based on the delegation certificate; and
a processor for running the client program, the server program, and the delegator program.
29. An apparatus, comprising:
a requesting means for requesting access to a resource;
a delegation means for delegating to the requesting means an authorization to access the resource; and
a resource allocating means for granting access by the requesting means to the resource based on the delegated authorization.
30. A computer-readable memory device encoded with a data structure for using a resource in a system including a client, a server that manages the resource, and a delegator authorized to access the resource, the data structure comprising:
an object including:
a first method for identifying the client to the server as the delegator when the client requests from the server access to the resource;
a second method for authenticating identification of the client;
a third method for determining type of access by the client to the resource and duration of access by the client to the resource; and
a fourth method for managing access by the client to the resource.
31. The computer-readable memory device of claim 30, wherein the fourth method includes a method for renewing a lease granted by the delegator to the client for accessing the resource.
32. The computer-readable memory device of claim 30, wherein the fourth method includes a method for canceling a lease granted by the delegator to the client for accessing the resource.
33. A computer-readable medium containing instructions for controlling a data processing system to perform a method, the data processing system including a client, a server that manages a resource, and a delegator authorized to access the resource, said method comprising the steps of:
the client requesting from the delegator a lease for using the resource;
the delegator providing to the client a delegation certificate that grants the lease to the client for a lease period; and
the server granting access to the resource by the client based on the delegation certificate.
34. The computer-readable medium of claim 33, further comprising the step of:
managing by the client the granted lease using the delegation certificate.
35. The computer-readable medium of claim 33, wherein the providing step includes the step of:
providing to the client a method for determining duration of the granted lease period.
36. The computer-readable medium of claim 33, wherein the providing step includes the step of:
providing to the client a method for determining a type of access authorized by the delegator.
37. The computer-readable medium of claim 33, wherein the providing step includes the step of:
providing to the client a method for renewing the granted lease.
38. The computer-readable medium of claim 33, wherein the providing step includes the step of:
providing to the client a method for canceling the granted lease.
39. The computer-readable medium of claim 33, wherein the granting step includes the step of:
invoking a method in the delegation certificate to determine identity of the client.
40. The computer-readable medium of claim 33, wherein the granting step includes the step of:
invoking a method in the delegation certification to authenticate identification of the client.
41. The computer-readable medium of claim 33, wherein the granting step includes the step of:
invoking a method in the delegation certificate to determine a type of access by the client to the resource.
42. The computer-readable medium of claim 33, wherein the granting step includes the step of:
invoking a method in the delegation certificate to determine duration of the granted lease period.
43. A method for using a resource in a system that includes a client, a server that manages the resource, and a delegator authorized to use the resource, said method comprising the steps of:
the client requesting from the delegator a lease for accessing the resource;
the client receiving from the delegator a lease object that delegates an authorization to use the resource for a lease period; and
the client accessing the resource according to the delegated authorization.
44. The method of claim 43, further comprising the step of:
the client managing the lease by invoking one or more methods in the lease object.
45. A method for managing a resource in a system that includes a client, a server that manages the resource, and a delegator authorized to use the resource, said method comprising the steps of:
the delegator receiving from the client a request for a lease for accessing the resource; and
the delegator providing a lease object that delegates to the client an authorization to use the resource for a lease period.
46. A method for managing a resource in a system that includes a client, a server that manages the resource, and a delegator authorized to use the resource, said method comprising the steps of:
the server receiving from the client a request for accessing the resource, the request having an associated lease object that delegates to the client an authorization from the delegator to access the resource for a lease period;
the server authenticating the request by invoking a first method on the lease object;
the server determining the lease period by invoking a second method on the lease object;
the server determining a type of access by the client to the resource by invoking a third method on the lease object; and
the server providing the client with access to the resource when the request is authenticated, the lease period is active, and the type of access is authorized.
Priority Applications (8)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/044,838 US6247026B1 (en) | 1996-10-11 | 1998-03-20 | Method, apparatus, and product for leasing of delegation certificates in a distributed system |
KR1020007009396A KR20010041296A (en) | 1998-02-26 | 1999-02-17 | Method, apparatus, and product for leasing of delegation certificates in a distributed system |
CN99805396A CN1298509A (en) | 1998-02-26 | 1999-02-17 | Method, apparatus, and product for leasing of delegation certificates in a distributed system |
JP2000533814A JP2002505470A (en) | 1998-02-26 | 1999-02-17 | Method, apparatus, and product for lease of delegated authentication in distributed system |
EP99936130A EP1062580A1 (en) | 1998-02-26 | 1999-02-17 | Method, apparatus, and product for leasing of delegation certificates in a distributed system |
PCT/US1999/003400 WO1999044130A1 (en) | 1998-02-26 | 1999-02-17 | Method, apparatus, and product for leasing of delegation certificates in a distributed system |
AU32972/99A AU3297299A (en) | 1998-02-26 | 1999-02-17 | Method, apparatus, and product for leasing of delegation certificates in a distributed system |
US09/332,031 US6708171B1 (en) | 1996-04-23 | 1999-06-14 | Network proxy |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/729,421 US5832529A (en) | 1996-10-11 | 1996-10-11 | Methods, apparatus, and product for distributed garbage collection |
US7604898P | 1998-02-26 | 1998-02-26 | |
US09/044,838 US6247026B1 (en) | 1996-10-11 | 1998-03-20 | Method, apparatus, and product for leasing of delegation certificates in a distributed system |
Related Parent Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US08/729,421 Continuation-In-Part US5832529A (en) | 1996-10-11 | 1996-10-11 | Methods, apparatus, and product for distributed garbage collection |
US09/044,834 Continuation-In-Part US6421704B1 (en) | 1996-04-23 | 1998-03-20 | Method, apparatus, and product for leasing of group membership in a distributed system |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/044,923 Continuation-In-Part US6263350B1 (en) | 1996-04-23 | 1998-03-20 | Method and system for leasing storage |
Publications (1)
Publication Number | Publication Date |
---|---|
US6247026B1 true US6247026B1 (en) | 2001-06-12 |
Family
ID=26722055
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/044,838 Expired - Lifetime US6247026B1 (en) | 1996-04-23 | 1998-03-20 | Method, apparatus, and product for leasing of delegation certificates in a distributed system |
Country Status (7)
Country | Link |
---|---|
US (1) | US6247026B1 (en) |
EP (1) | EP1062580A1 (en) |
JP (1) | JP2002505470A (en) |
KR (1) | KR20010041296A (en) |
CN (1) | CN1298509A (en) |
AU (1) | AU3297299A (en) |
WO (1) | WO1999044130A1 (en) |
Cited By (36)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020078213A1 (en) * | 2000-12-15 | 2002-06-20 | Ching-Jye Chang | Method and system for management of resource leases in an application framework system |
US20030065577A1 (en) * | 2001-10-03 | 2003-04-03 | International Business Machines Corporation | Method for purging abandoned shopping carts from an electronic commerce web site |
US20030101200A1 (en) * | 2001-11-28 | 2003-05-29 | Noritaka Koyama | Distributed file sharing system and a file access control method of efficiently searching for access rights |
US20030233541A1 (en) * | 2002-06-14 | 2003-12-18 | Stephan Fowler | System and method for network operation |
US20040003112A1 (en) * | 2002-06-28 | 2004-01-01 | Microsoft Corporation | Identity-based distributed computing for device resources |
US20040111608A1 (en) * | 2002-12-05 | 2004-06-10 | Microsoft Corporation | Secure recovery in a serverless distributed file system |
US6792424B1 (en) * | 1999-04-23 | 2004-09-14 | International Business Machines Corporation | System and method for managing authentication and coherency in a storage area network |
US20040181530A1 (en) * | 2001-08-29 | 2004-09-16 | Smith Lawrence T. | Distributed networking system for resource-constrained computing devices |
US20050262378A1 (en) * | 2004-05-03 | 2005-11-24 | Microsoft Corporation | Systems and methods for automatic maintenance and repair of enitites in a data model |
US20070094272A1 (en) * | 2005-10-20 | 2007-04-26 | Wen-Hsi Yeh | Method and system for managing distributed storage of digital contents |
US20090064280A1 (en) * | 2007-09-05 | 2009-03-05 | Oracle International Corporation | Framework for delegating roles in human resources erp systems |
US20090063240A1 (en) * | 2007-08-30 | 2009-03-05 | Oracle International Corporation | Routing transactions in a multiple job environment using an approval framework |
US20090199184A1 (en) * | 2008-02-01 | 2009-08-06 | Arimilli Ravi K | Wake-and-Go Mechanism With Software Save of Thread State |
US20090204612A1 (en) * | 2008-02-12 | 2009-08-13 | Bae Systems Information And Electronic Systems Integration Inc. | Apparatus and method for dynamic web service discovery |
US20090254978A1 (en) * | 2008-04-02 | 2009-10-08 | Microsoft Corporation | Delegated authentication for web services |
US20090276860A1 (en) * | 2005-11-02 | 2009-11-05 | Naohide Miyabashi | Method of protecting confidential file and confidential file protecting system |
US20100077197A1 (en) * | 2004-05-03 | 2010-03-25 | Microsoft Corporation | Non-volatile memory cache performance improvement |
US20100287180A1 (en) * | 2006-02-21 | 2010-11-11 | Electronics And Telecommunications Research Institute | Apparatus and Method for Issuing Certificate with User's Consent |
US20110022662A1 (en) * | 2009-07-23 | 2011-01-27 | International Business Machines Corporation | Event triggered notifications for collaborative processes |
US20110173423A1 (en) * | 2008-02-01 | 2011-07-14 | Arimilli Ravi K | Look-Ahead Hardware Wake-and-Go Mechanism |
US20110173614A1 (en) * | 2006-03-07 | 2011-07-14 | Oracle America, Inc. | Method and system for provisioning a virtual computer and scheduling resources of the provisioned virtual computer |
US8166101B2 (en) | 2003-08-21 | 2012-04-24 | Microsoft Corporation | Systems and methods for the implementation of a synchronization schemas for units of information manageable by a hardware/software interface system |
US8185960B1 (en) | 2006-07-27 | 2012-05-22 | Qlogic, Corporation | System and method for managing access to adapter features |
US8238696B2 (en) | 2003-08-21 | 2012-08-07 | Microsoft Corporation | Systems and methods for the implementation of a digital images schema for organizing units of information manageable by a hardware/software interface system |
US8489815B2 (en) | 2008-09-15 | 2013-07-16 | Microsoft Corporation | Managing cache data and metadata |
US8572576B2 (en) | 2001-03-14 | 2013-10-29 | Microsoft Corporation | Executing dynamically assigned functions while providing services |
US8631203B2 (en) | 2007-12-10 | 2014-01-14 | Microsoft Corporation | Management of external memory functioning as virtual cache |
US8909861B2 (en) | 2004-10-21 | 2014-12-09 | Microsoft Corporation | Using external memory devices to improve system performance |
US8914557B2 (en) | 2005-12-16 | 2014-12-16 | Microsoft Corporation | Optimizing write and wear performance for a memory |
US8990898B2 (en) | 2012-02-16 | 2015-03-24 | Citrix Systems, Inc. | Connection leasing for hosted services |
US9032151B2 (en) | 2008-09-15 | 2015-05-12 | Microsoft Technology Licensing, Llc | Method and system for ensuring reliability of cache data and metadata subsequent to a reboot |
US20150347743A1 (en) * | 2014-05-30 | 2015-12-03 | Apple Inc. | Method and apparatus for inter process privilige transfer |
US20160149881A1 (en) * | 2014-11-24 | 2016-05-26 | Lenovo Enterprise Solutions (Singapore) Pte.Ltd. | Providing access to a restricted resource via a persistent authenticated device network |
US9361183B2 (en) | 2008-09-19 | 2016-06-07 | Microsoft Technology Licensing, Llc | Aggregation of write traffic to a data store |
US9460421B2 (en) | 2001-03-14 | 2016-10-04 | Microsoft Technology Licensing, Llc | Distributing notifications to multiple recipients via a broadcast list |
US10162727B2 (en) | 2014-05-30 | 2018-12-25 | Apple Inc. | Activity tracing diagnostic systems and methods |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7277897B2 (en) | 2003-08-01 | 2007-10-02 | Oracle International Corporation | Dynamic reassignment of data ownership |
US7139772B2 (en) | 2003-08-01 | 2006-11-21 | Oracle International Corporation | Ownership reassignment in a shared-nothing database system |
US8234517B2 (en) | 2003-08-01 | 2012-07-31 | Oracle International Corporation | Parallel recovery by non-failed nodes |
US7120651B2 (en) | 2003-08-01 | 2006-10-10 | Oracle International Corporation | Maintaining a shared cache that has partitions allocated among multiple nodes and a data-to-partition mapping |
KR100785782B1 (en) * | 2005-11-17 | 2007-12-18 | 한국전자통신연구원 | System of Privilege Delegation and Method Thereof |
US7707290B2 (en) * | 2006-05-08 | 2010-04-27 | International Business Machines Corporation | Securing leased resources on a computer |
US10579434B2 (en) | 2016-08-24 | 2020-03-03 | Improbable Worlds Ltd | Simulation systems and methods using query-based interest |
US10643010B2 (en) | 2016-08-24 | 2020-05-05 | Improbable Worlds Ltd | Scalable simulation system with scalable data propagation |
US10878146B2 (en) | 2016-08-24 | 2020-12-29 | Improbable Worlds Ltd | Handover techniques for simulation systems and methods |
US10303821B2 (en) | 2016-08-24 | 2019-05-28 | Improbable Worlds Ltd. | Load balancing systems and methods for spatially-optimized simulations |
US11087047B2 (en) | 2016-08-24 | 2021-08-10 | Improbable Worlds Ltd | Scalable update propagation via query aggregations and connection migrations |
US10380282B2 (en) | 2016-08-24 | 2019-08-13 | Improbable Worlds Ltd | Distributable and customizable load-balancing of data-associated computation via partitions and virtual processes |
US11416305B2 (en) | 2016-08-24 | 2022-08-16 | Improbable Worlds Limited | Commands for simulation systems and methods |
WO2019081911A1 (en) * | 2017-10-27 | 2019-05-02 | Improbable Worlds Ltd. | Handover techniques for simulation systems and methods |
Citations (124)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4491946A (en) | 1981-03-09 | 1985-01-01 | Gould Inc. | Multi-station token pass communication system |
US4713806A (en) | 1986-03-14 | 1987-12-15 | American Telephone And Telegraph Company, At&T Bell Laboratories | Communication system control arrangement |
EP0300516A2 (en) | 1981-05-22 | 1989-01-25 | Data General Corporation | Digital data processing system |
US4809160A (en) | 1985-10-28 | 1989-02-28 | Hewlett-Packard Company | Privilege level checking instruction for implementing a secure hierarchical computer system |
US4823122A (en) | 1984-06-01 | 1989-04-18 | Digital Equipment Corporation | Local area network for digital data processing system |
EP0351536A2 (en) | 1988-07-19 | 1990-01-24 | International Business Machines Corporation | Systematic recovery of excessive spin loops in an n-way mp environment |
US4939638A (en) | 1988-02-23 | 1990-07-03 | Stellar Computer Inc. | Time sliced vector processing |
US4956773A (en) | 1984-01-30 | 1990-09-11 | Hitachi, Ltd. | System and method of generating a source program from inputted schematic information |
US5088036A (en) | 1989-01-17 | 1992-02-11 | Digital Equipment Corporation | Real time, concurrent garbage collection system and method |
US5109486A (en) | 1989-01-06 | 1992-04-28 | Motorola, Inc. | Distributed computer system with network and resource status monitoring |
GB2253079A (en) | 1991-02-19 | 1992-08-26 | Tolsys Ltd | Stable memory protection using capability tables |
US5187787A (en) | 1989-07-27 | 1993-02-16 | Teknekron Software Systems, Inc. | Apparatus and method for providing decoupling of data exchange details for providing high performance communication between software processes |
US5218699A (en) | 1989-08-24 | 1993-06-08 | International Business Machines Corporation | Remote procedure calls in heterogeneous systems |
EP0555997A2 (en) | 1992-02-10 | 1993-08-18 | AT&T Corp. | Apparatus and methods for implementing protocols |
EP0565849A2 (en) | 1992-04-14 | 1993-10-20 | International Business Machines Corporation | A method and system for synchronizing threads within a process |
US5257369A (en) | 1990-10-22 | 1993-10-26 | Skeen Marion D | Apparatus and method for providing decoupling of data exchange details for providing high performance communication between software processes |
US5293614A (en) * | 1991-04-08 | 1994-03-08 | Texas Instruments Incorporated | System and method for hard real-time garbage collection requiring a write barrier but no read barrier |
US5297283A (en) | 1989-06-29 | 1994-03-22 | Digital Equipment Corporation | Object transferring system and method in an object based computer operating system |
US5311591A (en) | 1992-05-15 | 1994-05-10 | Fischer Addison M | Computer system security method and apparatus for creating and using program authorization information data structures |
US5339435A (en) | 1991-02-28 | 1994-08-16 | Hewlett-Packard Company | Heterogenous software configuration management apparatus |
US5386568A (en) | 1992-12-01 | 1995-01-31 | Yamaha Corporation | Apparatus and method for linking software modules |
US5390328A (en) | 1992-03-30 | 1995-02-14 | International Business Machines Corporation | Data processing system and method for providing notification in a central processor of state changes for shared data structure on external storage |
GB2262825B (en) | 1991-12-27 | 1995-05-24 | Intel Corp | Device driver configuration in a computer system |
US5423042A (en) | 1992-10-23 | 1995-06-06 | International Business Machines Corporation | Remote procedure execution |
US5440744A (en) | 1990-08-14 | 1995-08-08 | Digital Equipment Corporation | Methods and apparatus for implementing server functions in a distributed heterogeneous environment |
EP0625750A3 (en) | 1993-05-21 | 1995-08-16 | At & T Corp | Methods and apparatus for making and using distributed applications. |
US5448740A (en) | 1992-12-15 | 1995-09-05 | International Business Machines Corporation | Generation of a user interface code from a corresponding declarative language program |
US5452459A (en) | 1993-01-08 | 1995-09-19 | Digital Equipment Corporation | Method and apparatus for allocating server access in a distributed computing environment |
US5455952A (en) | 1993-11-03 | 1995-10-03 | Cardinal Vision, Inc. | Method of computing based on networks of dependent objects |
US5471629A (en) | 1988-12-19 | 1995-11-28 | Hewlett-Packard Company | Method of monitoring changes in an object-oriented database with tuned monitors |
EP0635792A3 (en) | 1993-07-16 | 1995-12-06 | Siemens Ag | Coordination method for parallel access to resource configurations by a plurality of processors. |
US5475817A (en) | 1991-02-25 | 1995-12-12 | Hewlett-Packard Company | Object oriented distributed computing system processing request to other object model with code mapping by object managers located by manager of object managers |
US5475792A (en) | 1992-09-21 | 1995-12-12 | International Business Machines Corporation | Telephony channel simulator for speech recognition application |
US5481721A (en) | 1991-07-17 | 1996-01-02 | Next Computer, Inc. | Method for providing automatic and dynamic translation of object oriented programming language-based message passing into operation system message passing using proxy objects |
EP0472874B1 (en) | 1990-08-31 | 1996-03-20 | International Business Machines Corporation | Automated address discovery method and apparatus for local area networks |
US5504921A (en) | 1990-09-17 | 1996-04-02 | Cabletron Systems, Inc. | Network management system using model-based intelligence |
US5511197A (en) | 1992-11-13 | 1996-04-23 | Microsoft Corporation | Method and system for network marshalling of interface pointers for remote procedure calls |
US5524244A (en) | 1988-07-11 | 1996-06-04 | Logic Devices, Inc. | System for dividing processing tasks into signal processor and decision-making microprocessor interfacing therewith |
US5553282A (en) | 1994-12-09 | 1996-09-03 | Taligent, Inc. | Software project history database and method of operation |
US5555367A (en) | 1994-09-30 | 1996-09-10 | General Electric Company | Method and system for generating computer programs for queries formed by manipulating object-oriented diagrams |
US5557798A (en) | 1989-07-27 | 1996-09-17 | Tibco, Inc. | Apparatus and method for providing decoupling of data exchange details for providing high performance communication between software processes |
US5560003A (en) | 1992-12-21 | 1996-09-24 | Iowa State University Research Foundation, Inc. | System and hardware module for incremental real time garbage collection and memory management |
EP0697655A3 (en) | 1994-08-19 | 1996-09-25 | Canon Kk | System for managing external applications and files |
US5561785A (en) * | 1992-10-29 | 1996-10-01 | International Business Machines Corporation | System for allocating and returning storage and collecting garbage using subpool of available blocks |
US5577231A (en) | 1994-12-06 | 1996-11-19 | International Business Machines Corporation | Storage access authorization controls in a computer system using dynamic translation of large addresses |
US5603031A (en) | 1993-07-08 | 1997-02-11 | General Magic, Inc. | System and method for distributed computation based upon the movement, execution, and interaction of processes in a network |
US5617537A (en) | 1993-10-05 | 1997-04-01 | Nippon Telegraph And Telephone Corporation | Message passing system for distributed shared memory multiprocessor system and message passing method using the same |
EP0384339B1 (en) | 1989-02-24 | 1997-04-02 | Digital Equipment Corporation | Broker for computer network server selection |
US5628005A (en) | 1995-06-07 | 1997-05-06 | Microsoft Corporation | System and method for providing opportunistic file access in a network environment |
US5640564A (en) | 1994-05-26 | 1997-06-17 | Sun Microsystems, Inc. | Method and apparatus for generating and using short operation identifiers in object oriented systems |
US5644768A (en) | 1994-12-09 | 1997-07-01 | Borland International, Inc. | Systems and methods for sharing resources in a multi-user environment |
US5652888A (en) | 1993-11-16 | 1997-07-29 | Microsoft Corporation | System for interconnecting software components in an object oriented programming environment using a separate editor object for each run-time object instantiated for each selected component |
US5655148A (en) | 1994-05-27 | 1997-08-05 | Microsoft Corporation | Method for automatically configuring devices including a network adapter without manual intervention and without prior configuration information |
US5659751A (en) | 1990-01-05 | 1997-08-19 | Apple Computer, Inc. | Apparatus and method for dynamic linking of computer software components |
EP0794493A2 (en) | 1996-03-05 | 1997-09-10 | Digital Vision Laboratories Corporation | Parallel distributed processing and operation processors |
US5671225A (en) | 1995-09-01 | 1997-09-23 | Digital Equipment Corporation | Distributed interactive multimedia service system |
US5675796A (en) | 1994-04-08 | 1997-10-07 | Microsoft Corporation | Concurrency management component for use by a computer program during the transfer of a message |
US5680617A (en) | 1994-05-16 | 1997-10-21 | Apple Computer, Inc. | Computer-human interface which provides for user customization of object behavior |
US5680573A (en) * | 1994-07-12 | 1997-10-21 | Sybase, Inc. | Method of buffering data objects in a database |
US5684955A (en) | 1991-09-20 | 1997-11-04 | Siemens Aktiengesellschaft | Process for distributing an object-oriented program over a plurality of operating system processes of a computer system |
EP0805393A2 (en) | 1996-04-30 | 1997-11-05 | International Business Machines Corporation | Method and apparatus for managing membership of a group of processors in a distributed computing environment |
US5689709A (en) | 1992-11-13 | 1997-11-18 | Microsoft Corporation | Method and system for invoking methods of an object |
EP0810524A1 (en) | 1996-05-30 | 1997-12-03 | Sun Microsystems, Inc. | Apparatus and method for processing servlets |
US5706435A (en) * | 1993-12-06 | 1998-01-06 | Panasonic Technologies, Inc. | System for maintaining data coherency in cache memory by periodically broadcasting a single invalidation report from server to clients |
EP0817022A2 (en) | 1996-06-26 | 1998-01-07 | Sun Microsystems, Inc. | Method and apparatus for marshalling and unmarshalling argument object references |
EP0817025A2 (en) | 1996-06-26 | 1998-01-07 | Sun Microsystems, Inc. | Data structures and method for implementing subcontracts in a distributed object oriented system |
EP0817020A2 (en) | 1996-07-01 | 1998-01-07 | Sun Microsystems, Inc. | A name service for a redundant array of internet servers |
US5727145A (en) | 1996-06-26 | 1998-03-10 | Sun Microsystems, Inc. | Mechanism for locating objects in a secure fashion |
US5737607A (en) | 1995-09-28 | 1998-04-07 | Sun Microsystems, Inc. | Method and apparatus for allowing generic stubs to marshal and unmarshal data in object reference specific data formats |
US5745703A (en) | 1995-07-18 | 1998-04-28 | Nec Research Institute, Inc. | Transmission of higher-order objects across a network of heterogeneous machines |
US5745678A (en) | 1994-12-13 | 1998-04-28 | International Business Machines Corporation | Method and system for the secured distribution of multimedia titles |
US5745695A (en) | 1996-01-16 | 1998-04-28 | Motorola Inc. | Radio system with suspension of packet data service during non-data service connection |
US5754849A (en) | 1996-01-30 | 1998-05-19 | Wayfarer Communications, Inc. | Self-describing object providing dynamic manipulation of heterogeneous data values and semantic identity between memory and transmission representations |
EP0767432A3 (en) | 1995-10-06 | 1998-05-20 | Sun Microsystems, Inc. | System and method for distributed object resource management |
US5757925A (en) | 1996-07-23 | 1998-05-26 | Faybishenko; Yaroslav | Secure platform independent cross-platform remote execution computer system and method |
US5761656A (en) | 1995-06-26 | 1998-06-02 | Netdynamics, Inc. | Interaction between databases and graphical user interfaces |
US5764897A (en) | 1993-02-25 | 1998-06-09 | Sun Microsystems, Inc. | Method and apparatus for managing transactions in an object-oriented distributed system |
US5768532A (en) | 1996-06-17 | 1998-06-16 | International Business Machines Corporation | Method and distributed database file system for implementing self-describing distributed file objects |
US5774551A (en) | 1995-08-07 | 1998-06-30 | Sun Microsystems, Inc. | Pluggable account management interface with unified login and logout and multiple user authentication services |
US5778368A (en) | 1996-05-03 | 1998-07-07 | Telogy Networks, Inc. | Real-time embedded software respository with attribute searching apparatus and method |
US5778228A (en) | 1994-08-16 | 1998-07-07 | International Business Machines Corporation | Method and system for transferring remote procedure calls and responses over a network |
US5787425A (en) | 1996-10-01 | 1998-07-28 | International Business Machines Corporation | Object-oriented data mining framework mechanism |
US5787431A (en) | 1996-12-16 | 1998-07-28 | Borland International, Inc. | Database development system with methods for java-string reference lookups of column names |
US5790548A (en) | 1996-04-18 | 1998-08-04 | Bell Atlantic Network Services, Inc. | Universal access multimedia data network |
US5809507A (en) | 1996-07-01 | 1998-09-15 | Sun Microsystems, Inc. | Method and apparatus for storing persistent objects on a distributed object network using a marshaling framework |
US5813013A (en) | 1996-06-06 | 1998-09-22 | Microsoft Corporation | Representing recurring events |
US5815709A (en) | 1996-04-23 | 1998-09-29 | San Microsystems, Inc. | System and method for generating identifiers for uniquely identifying object types for objects used in processing of object-oriented programs and the like |
US5815149A (en) | 1997-02-19 | 1998-09-29 | Unisys Corp. | Method for generating code for modifying existing event routines for controls on a form |
US5815711A (en) | 1994-11-15 | 1998-09-29 | Hitachi, Ltd. | Apparatus and method for program generation |
US5829022A (en) | 1995-08-29 | 1998-10-27 | Fuji Xerox Co., Ltd. | Method and apparatus for managing coherency in object and page caches |
US5832529A (en) | 1996-10-11 | 1998-11-03 | Sun Microsystems, Inc. | Methods, apparatus, and product for distributed garbage collection |
US5835737A (en) | 1996-05-10 | 1998-11-10 | Apple Computer, Inc. | Method and apparatus for arbitrating access to selected computer system devices |
US5832593A (en) | 1993-04-14 | 1998-11-10 | Minnesota Mining And Manufacturing Company | Splice head for insulated telecommunication wires |
US5842018A (en) | 1992-07-06 | 1998-11-24 | Microsoft Corporation | Method and system for referring to and binding to objects using identifier objects |
US5845129A (en) | 1996-03-22 | 1998-12-01 | Philips Electronics North America Corporation | Protection domains in a single address space |
US5844553A (en) | 1993-08-30 | 1998-12-01 | Hewlett-Packard Company | Mechanism to control and use window events among applications in concurrent computing |
US5860153A (en) | 1995-11-22 | 1999-01-12 | Sun Microsystems, Inc. | Memory efficient directory coherency maintenance |
US5860004A (en) | 1996-07-03 | 1999-01-12 | Sun Microsystems, Inc. | Code generator for applications in distributed object systems |
US5864866A (en) | 1997-03-26 | 1999-01-26 | International Business Machines Corporation | Apparatus and method for providing externalization in an object-oriented environment |
US5864862A (en) | 1996-09-30 | 1999-01-26 | Telefonaktiebolaget Lm Ericsson (Publ) | System and method for creating reusable components in an object-oriented programming environment |
US5872928A (en) | 1995-02-24 | 1999-02-16 | Cabletron Systems, Inc. | Method and apparatus for defining and enforcing policies for configuration management in communications networks |
US5875335A (en) | 1996-09-30 | 1999-02-23 | Apple Computer, Inc. | Parameter marshaling techniques for dynamic object-oriented programming languages |
US5878411A (en) | 1997-06-27 | 1999-03-02 | International Business Machines Corporation | Dependent object class and subclass mapping to relational data store |
US5884024A (en) | 1996-12-09 | 1999-03-16 | Sun Microsystems, Inc. | Secure DHCP server |
US5884079A (en) | 1996-06-17 | 1999-03-16 | Yamatake-Honeywell Co., Ltd. | Design part reusing method in configuration tool |
US5887134A (en) | 1997-06-30 | 1999-03-23 | Sun Microsystems | System and method for preserving message order while employing both programmed I/O and DMA operations |
US5890158A (en) | 1997-03-31 | 1999-03-30 | International Business Machines Corporation | Method, apparatus, and program storage device for sharing objects with a network server and a database server using a common object model |
EP0778520A3 (en) | 1995-12-08 | 1999-03-31 | Sun Microsystems, Inc. | System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources |
US5892904A (en) | 1996-12-06 | 1999-04-06 | Microsoft Corporation | Code certification for network transmission |
EP0474340B1 (en) | 1990-08-14 | 1999-05-19 | Bea Systems, Inc. | Methods and apparatus for providing dynamic invocation of applicatons in a distributed heterogeneous environment |
US5933497A (en) | 1990-12-14 | 1999-08-03 | International Business Machines Corporation | Apparatus and method for controlling access to software |
US5935249A (en) | 1997-02-26 | 1999-08-10 | Sun Microsystems, Inc. | Mechanism for embedding network based control systems in a local network interface device |
US5940827A (en) | 1995-03-31 | 1999-08-17 | Sun Microsystems, Inc. | Methods and apparatus for managing a database in a distributed operating environment |
US5946485A (en) | 1996-02-09 | 1999-08-31 | Intervoice Limited Partnership | Enhanced graphical development environment for controlling program flow |
US5946694A (en) | 1997-09-29 | 1999-08-31 | International Business Machines Corporation | Apparatus and method for transparent application of service to business objects |
US6003763A (en) | 1995-12-29 | 1999-12-21 | Visa International Service | Method and apparatus for recording magnetic information on traveler's checks |
US6009103A (en) | 1997-12-23 | 1999-12-28 | Mediaone Group, Inc. | Method and system for automatic allocation of resources in a network |
US6061713A (en) | 1997-03-12 | 2000-05-09 | Fujitsu Limited | Communications system for client-server data processing systems |
US6061699A (en) | 1997-11-03 | 2000-05-09 | International Business Machines Corporation | Method and computer program product for extracting translatable material from browser program function codes using variables for displaying MRI |
EP0718761B1 (en) | 1994-12-20 | 2000-07-12 | Sun Microsystems, Inc. | A platform independent object and object viewer loader and method |
GB2305087B (en) | 1995-08-28 | 2000-07-12 | Fujitsu Ltd | Defect-free type remote procedure call system and method thereof |
EP0651328B1 (en) | 1993-10-27 | 2000-08-09 | Microsoft Corporation | Event architecture for system management in an operating system |
EP0660231B1 (en) | 1993-12-13 | 2000-08-16 | Microsoft Corporation | Method and system for dynamically generating object connections |
EP0803811A3 (en) | 1996-04-23 | 2000-12-06 | Sun Microsystems, Inc. | System and method for stub retrieval and loading |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5353343A (en) * | 1992-04-30 | 1994-10-04 | Rockwell International Corporation | Telephonic switching system with a user controlled data memory access system and method |
-
1998
- 1998-03-20 US US09/044,838 patent/US6247026B1/en not_active Expired - Lifetime
-
1999
- 1999-02-17 WO PCT/US1999/003400 patent/WO1999044130A1/en not_active Application Discontinuation
- 1999-02-17 AU AU32972/99A patent/AU3297299A/en not_active Abandoned
- 1999-02-17 CN CN99805396A patent/CN1298509A/en active Pending
- 1999-02-17 KR KR1020007009396A patent/KR20010041296A/en not_active Application Discontinuation
- 1999-02-17 EP EP99936130A patent/EP1062580A1/en not_active Withdrawn
- 1999-02-17 JP JP2000533814A patent/JP2002505470A/en active Pending
Patent Citations (128)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4491946A (en) | 1981-03-09 | 1985-01-01 | Gould Inc. | Multi-station token pass communication system |
EP0300516A2 (en) | 1981-05-22 | 1989-01-25 | Data General Corporation | Digital data processing system |
US4956773A (en) | 1984-01-30 | 1990-09-11 | Hitachi, Ltd. | System and method of generating a source program from inputted schematic information |
US4823122A (en) | 1984-06-01 | 1989-04-18 | Digital Equipment Corporation | Local area network for digital data processing system |
US4809160A (en) | 1985-10-28 | 1989-02-28 | Hewlett-Packard Company | Privilege level checking instruction for implementing a secure hierarchical computer system |
US4713806A (en) | 1986-03-14 | 1987-12-15 | American Telephone And Telegraph Company, At&T Bell Laboratories | Communication system control arrangement |
US4939638A (en) | 1988-02-23 | 1990-07-03 | Stellar Computer Inc. | Time sliced vector processing |
US5524244A (en) | 1988-07-11 | 1996-06-04 | Logic Devices, Inc. | System for dividing processing tasks into signal processor and decision-making microprocessor interfacing therewith |
EP0351536A2 (en) | 1988-07-19 | 1990-01-24 | International Business Machines Corporation | Systematic recovery of excessive spin loops in an n-way mp environment |
US5471629A (en) | 1988-12-19 | 1995-11-28 | Hewlett-Packard Company | Method of monitoring changes in an object-oriented database with tuned monitors |
US5109486A (en) | 1989-01-06 | 1992-04-28 | Motorola, Inc. | Distributed computer system with network and resource status monitoring |
US5088036A (en) | 1989-01-17 | 1992-02-11 | Digital Equipment Corporation | Real time, concurrent garbage collection system and method |
EP0384339B1 (en) | 1989-02-24 | 1997-04-02 | Digital Equipment Corporation | Broker for computer network server selection |
US5297283A (en) | 1989-06-29 | 1994-03-22 | Digital Equipment Corporation | Object transferring system and method in an object based computer operating system |
US5187787A (en) | 1989-07-27 | 1993-02-16 | Teknekron Software Systems, Inc. | Apparatus and method for providing decoupling of data exchange details for providing high performance communication between software processes |
US5966531A (en) | 1989-07-27 | 1999-10-12 | Reuters, Ltd. | Apparatus and method for providing decoupled data communications between software processes |
US5187787B1 (en) | 1989-07-27 | 1996-05-07 | Teknekron Software Systems Inc | Apparatus and method for providing decoupling of data exchange details for providing high performance communication between software processes |
US5557798A (en) | 1989-07-27 | 1996-09-17 | Tibco, Inc. | Apparatus and method for providing decoupling of data exchange details for providing high performance communication between software processes |
US5218699A (en) | 1989-08-24 | 1993-06-08 | International Business Machines Corporation | Remote procedure calls in heterogeneous systems |
US5659751A (en) | 1990-01-05 | 1997-08-19 | Apple Computer, Inc. | Apparatus and method for dynamic linking of computer software components |
US5440744A (en) | 1990-08-14 | 1995-08-08 | Digital Equipment Corporation | Methods and apparatus for implementing server functions in a distributed heterogeneous environment |
EP0474340B1 (en) | 1990-08-14 | 1999-05-19 | Bea Systems, Inc. | Methods and apparatus for providing dynamic invocation of applicatons in a distributed heterogeneous environment |
EP0472874B1 (en) | 1990-08-31 | 1996-03-20 | International Business Machines Corporation | Automated address discovery method and apparatus for local area networks |
US5504921A (en) | 1990-09-17 | 1996-04-02 | Cabletron Systems, Inc. | Network management system using model-based intelligence |
US5257369A (en) | 1990-10-22 | 1993-10-26 | Skeen Marion D | Apparatus and method for providing decoupling of data exchange details for providing high performance communication between software processes |
US5933497A (en) | 1990-12-14 | 1999-08-03 | International Business Machines Corporation | Apparatus and method for controlling access to software |
GB2253079A (en) | 1991-02-19 | 1992-08-26 | Tolsys Ltd | Stable memory protection using capability tables |
US5475817A (en) | 1991-02-25 | 1995-12-12 | Hewlett-Packard Company | Object oriented distributed computing system processing request to other object model with code mapping by object managers located by manager of object managers |
US5339435A (en) | 1991-02-28 | 1994-08-16 | Hewlett-Packard Company | Heterogenous software configuration management apparatus |
US5293614A (en) * | 1991-04-08 | 1994-03-08 | Texas Instruments Incorporated | System and method for hard real-time garbage collection requiring a write barrier but no read barrier |
US5481721A (en) | 1991-07-17 | 1996-01-02 | Next Computer, Inc. | Method for providing automatic and dynamic translation of object oriented programming language-based message passing into operation system message passing using proxy objects |
US5684955A (en) | 1991-09-20 | 1997-11-04 | Siemens Aktiengesellschaft | Process for distributing an object-oriented program over a plurality of operating system processes of a computer system |
GB2262825B (en) | 1991-12-27 | 1995-05-24 | Intel Corp | Device driver configuration in a computer system |
EP0555997A2 (en) | 1992-02-10 | 1993-08-18 | AT&T Corp. | Apparatus and methods for implementing protocols |
US5390328A (en) | 1992-03-30 | 1995-02-14 | International Business Machines Corporation | Data processing system and method for providing notification in a central processor of state changes for shared data structure on external storage |
EP0565849A2 (en) | 1992-04-14 | 1993-10-20 | International Business Machines Corporation | A method and system for synchronizing threads within a process |
US5311591A (en) | 1992-05-15 | 1994-05-10 | Fischer Addison M | Computer system security method and apparatus for creating and using program authorization information data structures |
US5842018A (en) | 1992-07-06 | 1998-11-24 | Microsoft Corporation | Method and system for referring to and binding to objects using identifier objects |
US5475792A (en) | 1992-09-21 | 1995-12-12 | International Business Machines Corporation | Telephony channel simulator for speech recognition application |
US5423042A (en) | 1992-10-23 | 1995-06-06 | International Business Machines Corporation | Remote procedure execution |
US5561785A (en) * | 1992-10-29 | 1996-10-01 | International Business Machines Corporation | System for allocating and returning storage and collecting garbage using subpool of available blocks |
US5511197A (en) | 1992-11-13 | 1996-04-23 | Microsoft Corporation | Method and system for network marshalling of interface pointers for remote procedure calls |
US5689709A (en) | 1992-11-13 | 1997-11-18 | Microsoft Corporation | Method and system for invoking methods of an object |
US5724588A (en) | 1992-11-13 | 1998-03-03 | Microsoft Corporation | Method and system for network marshalling of interface pointers for remote procedure calls |
US5386568A (en) | 1992-12-01 | 1995-01-31 | Yamaha Corporation | Apparatus and method for linking software modules |
US5448740A (en) | 1992-12-15 | 1995-09-05 | International Business Machines Corporation | Generation of a user interface code from a corresponding declarative language program |
US5560003A (en) | 1992-12-21 | 1996-09-24 | Iowa State University Research Foundation, Inc. | System and hardware module for incremental real time garbage collection and memory management |
US5452459A (en) | 1993-01-08 | 1995-09-19 | Digital Equipment Corporation | Method and apparatus for allocating server access in a distributed computing environment |
US5764897A (en) | 1993-02-25 | 1998-06-09 | Sun Microsystems, Inc. | Method and apparatus for managing transactions in an object-oriented distributed system |
US5832593A (en) | 1993-04-14 | 1998-11-10 | Minnesota Mining And Manufacturing Company | Splice head for insulated telecommunication wires |
EP0625750A3 (en) | 1993-05-21 | 1995-08-16 | At & T Corp | Methods and apparatus for making and using distributed applications. |
US5603031A (en) | 1993-07-08 | 1997-02-11 | General Magic, Inc. | System and method for distributed computation based upon the movement, execution, and interaction of processes in a network |
EP0635792A3 (en) | 1993-07-16 | 1995-12-06 | Siemens Ag | Coordination method for parallel access to resource configurations by a plurality of processors. |
US5844553A (en) | 1993-08-30 | 1998-12-01 | Hewlett-Packard Company | Mechanism to control and use window events among applications in concurrent computing |
US5617537A (en) | 1993-10-05 | 1997-04-01 | Nippon Telegraph And Telephone Corporation | Message passing system for distributed shared memory multiprocessor system and message passing method using the same |
EP0651328B1 (en) | 1993-10-27 | 2000-08-09 | Microsoft Corporation | Event architecture for system management in an operating system |
US5455952A (en) | 1993-11-03 | 1995-10-03 | Cardinal Vision, Inc. | Method of computing based on networks of dependent objects |
US5652888A (en) | 1993-11-16 | 1997-07-29 | Microsoft Corporation | System for interconnecting software components in an object oriented programming environment using a separate editor object for each run-time object instantiated for each selected component |
US5706435A (en) * | 1993-12-06 | 1998-01-06 | Panasonic Technologies, Inc. | System for maintaining data coherency in cache memory by periodically broadcasting a single invalidation report from server to clients |
EP0660231B1 (en) | 1993-12-13 | 2000-08-16 | Microsoft Corporation | Method and system for dynamically generating object connections |
US5675796A (en) | 1994-04-08 | 1997-10-07 | Microsoft Corporation | Concurrency management component for use by a computer program during the transfer of a message |
US5680617A (en) | 1994-05-16 | 1997-10-21 | Apple Computer, Inc. | Computer-human interface which provides for user customization of object behavior |
US5640564A (en) | 1994-05-26 | 1997-06-17 | Sun Microsystems, Inc. | Method and apparatus for generating and using short operation identifiers in object oriented systems |
US5655148A (en) | 1994-05-27 | 1997-08-05 | Microsoft Corporation | Method for automatically configuring devices including a network adapter without manual intervention and without prior configuration information |
US5680573A (en) * | 1994-07-12 | 1997-10-21 | Sybase, Inc. | Method of buffering data objects in a database |
US5778228A (en) | 1994-08-16 | 1998-07-07 | International Business Machines Corporation | Method and system for transferring remote procedure calls and responses over a network |
EP0697655A3 (en) | 1994-08-19 | 1996-09-25 | Canon Kk | System for managing external applications and files |
US5555367A (en) | 1994-09-30 | 1996-09-10 | General Electric Company | Method and system for generating computer programs for queries formed by manipulating object-oriented diagrams |
US5815711A (en) | 1994-11-15 | 1998-09-29 | Hitachi, Ltd. | Apparatus and method for program generation |
US5577231A (en) | 1994-12-06 | 1996-11-19 | International Business Machines Corporation | Storage access authorization controls in a computer system using dynamic translation of large addresses |
US5644768A (en) | 1994-12-09 | 1997-07-01 | Borland International, Inc. | Systems and methods for sharing resources in a multi-user environment |
US5553282A (en) | 1994-12-09 | 1996-09-03 | Taligent, Inc. | Software project history database and method of operation |
US5745678A (en) | 1994-12-13 | 1998-04-28 | International Business Machines Corporation | Method and system for the secured distribution of multimedia titles |
EP0718761B1 (en) | 1994-12-20 | 2000-07-12 | Sun Microsystems, Inc. | A platform independent object and object viewer loader and method |
US5872928A (en) | 1995-02-24 | 1999-02-16 | Cabletron Systems, Inc. | Method and apparatus for defining and enforcing policies for configuration management in communications networks |
US5940827A (en) | 1995-03-31 | 1999-08-17 | Sun Microsystems, Inc. | Methods and apparatus for managing a database in a distributed operating environment |
US5628005A (en) | 1995-06-07 | 1997-05-06 | Microsoft Corporation | System and method for providing opportunistic file access in a network environment |
US5761656A (en) | 1995-06-26 | 1998-06-02 | Netdynamics, Inc. | Interaction between databases and graphical user interfaces |
US5745703A (en) | 1995-07-18 | 1998-04-28 | Nec Research Institute, Inc. | Transmission of higher-order objects across a network of heterogeneous machines |
US5774551A (en) | 1995-08-07 | 1998-06-30 | Sun Microsystems, Inc. | Pluggable account management interface with unified login and logout and multiple user authentication services |
GB2305087B (en) | 1995-08-28 | 2000-07-12 | Fujitsu Ltd | Defect-free type remote procedure call system and method thereof |
US5829022A (en) | 1995-08-29 | 1998-10-27 | Fuji Xerox Co., Ltd. | Method and apparatus for managing coherency in object and page caches |
US5671225A (en) | 1995-09-01 | 1997-09-23 | Digital Equipment Corporation | Distributed interactive multimedia service system |
US5737607A (en) | 1995-09-28 | 1998-04-07 | Sun Microsystems, Inc. | Method and apparatus for allowing generic stubs to marshal and unmarshal data in object reference specific data formats |
EP0767432A3 (en) | 1995-10-06 | 1998-05-20 | Sun Microsystems, Inc. | System and method for distributed object resource management |
US5860153A (en) | 1995-11-22 | 1999-01-12 | Sun Microsystems, Inc. | Memory efficient directory coherency maintenance |
EP0778520A3 (en) | 1995-12-08 | 1999-03-31 | Sun Microsystems, Inc. | System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources |
US6003763A (en) | 1995-12-29 | 1999-12-21 | Visa International Service | Method and apparatus for recording magnetic information on traveler's checks |
US5745695A (en) | 1996-01-16 | 1998-04-28 | Motorola Inc. | Radio system with suspension of packet data service during non-data service connection |
US5754849A (en) | 1996-01-30 | 1998-05-19 | Wayfarer Communications, Inc. | Self-describing object providing dynamic manipulation of heterogeneous data values and semantic identity between memory and transmission representations |
US5946485A (en) | 1996-02-09 | 1999-08-31 | Intervoice Limited Partnership | Enhanced graphical development environment for controlling program flow |
EP0794493A2 (en) | 1996-03-05 | 1997-09-10 | Digital Vision Laboratories Corporation | Parallel distributed processing and operation processors |
US5845129A (en) | 1996-03-22 | 1998-12-01 | Philips Electronics North America Corporation | Protection domains in a single address space |
US5790548A (en) | 1996-04-18 | 1998-08-04 | Bell Atlantic Network Services, Inc. | Universal access multimedia data network |
US5815709A (en) | 1996-04-23 | 1998-09-29 | San Microsystems, Inc. | System and method for generating identifiers for uniquely identifying object types for objects used in processing of object-oriented programs and the like |
EP0803811A3 (en) | 1996-04-23 | 2000-12-06 | Sun Microsystems, Inc. | System and method for stub retrieval and loading |
EP0803810A3 (en) | 1996-04-23 | 2000-02-23 | Sun Microsystems, Inc. | System and method for generating identifiers for uniquely identifying object types |
EP0805393A2 (en) | 1996-04-30 | 1997-11-05 | International Business Machines Corporation | Method and apparatus for managing membership of a group of processors in a distributed computing environment |
US5778368A (en) | 1996-05-03 | 1998-07-07 | Telogy Networks, Inc. | Real-time embedded software respository with attribute searching apparatus and method |
US5835737A (en) | 1996-05-10 | 1998-11-10 | Apple Computer, Inc. | Method and apparatus for arbitrating access to selected computer system devices |
EP0810524A1 (en) | 1996-05-30 | 1997-12-03 | Sun Microsystems, Inc. | Apparatus and method for processing servlets |
US5813013A (en) | 1996-06-06 | 1998-09-22 | Microsoft Corporation | Representing recurring events |
US5884079A (en) | 1996-06-17 | 1999-03-16 | Yamatake-Honeywell Co., Ltd. | Design part reusing method in configuration tool |
US5768532A (en) | 1996-06-17 | 1998-06-16 | International Business Machines Corporation | Method and distributed database file system for implementing self-describing distributed file objects |
US5727145A (en) | 1996-06-26 | 1998-03-10 | Sun Microsystems, Inc. | Mechanism for locating objects in a secure fashion |
EP0817025A2 (en) | 1996-06-26 | 1998-01-07 | Sun Microsystems, Inc. | Data structures and method for implementing subcontracts in a distributed object oriented system |
EP0817022A2 (en) | 1996-06-26 | 1998-01-07 | Sun Microsystems, Inc. | Method and apparatus for marshalling and unmarshalling argument object references |
US5809507A (en) | 1996-07-01 | 1998-09-15 | Sun Microsystems, Inc. | Method and apparatus for storing persistent objects on a distributed object network using a marshaling framework |
EP0817020A2 (en) | 1996-07-01 | 1998-01-07 | Sun Microsystems, Inc. | A name service for a redundant array of internet servers |
US5860004A (en) | 1996-07-03 | 1999-01-12 | Sun Microsystems, Inc. | Code generator for applications in distributed object systems |
US5757925A (en) | 1996-07-23 | 1998-05-26 | Faybishenko; Yaroslav | Secure platform independent cross-platform remote execution computer system and method |
US5875335A (en) | 1996-09-30 | 1999-02-23 | Apple Computer, Inc. | Parameter marshaling techniques for dynamic object-oriented programming languages |
US5864862A (en) | 1996-09-30 | 1999-01-26 | Telefonaktiebolaget Lm Ericsson (Publ) | System and method for creating reusable components in an object-oriented programming environment |
US5787425A (en) | 1996-10-01 | 1998-07-28 | International Business Machines Corporation | Object-oriented data mining framework mechanism |
US5832529A (en) | 1996-10-11 | 1998-11-03 | Sun Microsystems, Inc. | Methods, apparatus, and product for distributed garbage collection |
US5892904A (en) | 1996-12-06 | 1999-04-06 | Microsoft Corporation | Code certification for network transmission |
US5884024A (en) | 1996-12-09 | 1999-03-16 | Sun Microsystems, Inc. | Secure DHCP server |
US5787431A (en) | 1996-12-16 | 1998-07-28 | Borland International, Inc. | Database development system with methods for java-string reference lookups of column names |
US5815149A (en) | 1997-02-19 | 1998-09-29 | Unisys Corp. | Method for generating code for modifying existing event routines for controls on a form |
US5935249A (en) | 1997-02-26 | 1999-08-10 | Sun Microsystems, Inc. | Mechanism for embedding network based control systems in a local network interface device |
US6061713A (en) | 1997-03-12 | 2000-05-09 | Fujitsu Limited | Communications system for client-server data processing systems |
US5864866A (en) | 1997-03-26 | 1999-01-26 | International Business Machines Corporation | Apparatus and method for providing externalization in an object-oriented environment |
US5890158A (en) | 1997-03-31 | 1999-03-30 | International Business Machines Corporation | Method, apparatus, and program storage device for sharing objects with a network server and a database server using a common object model |
US5878411A (en) | 1997-06-27 | 1999-03-02 | International Business Machines Corporation | Dependent object class and subclass mapping to relational data store |
US5887134A (en) | 1997-06-30 | 1999-03-23 | Sun Microsystems | System and method for preserving message order while employing both programmed I/O and DMA operations |
US5946694A (en) | 1997-09-29 | 1999-08-31 | International Business Machines Corporation | Apparatus and method for transparent application of service to business objects |
US6061699A (en) | 1997-11-03 | 2000-05-09 | International Business Machines Corporation | Method and computer program product for extracting translatable material from browser program function codes using variables for displaying MRI |
US6009103A (en) | 1997-12-23 | 1999-12-28 | Mediaone Group, Inc. | Method and system for automatic allocation of resources in a network |
Non-Patent Citations (98)
Title |
---|
"Change-Notification Service for Shared Files," IBM Technical Disclosure Bulletin, vol. 36, No. 8, pp. 77-82, XP002108713, New York, US, Aug. 1993. |
Agha et al., Actorspaces: An Open Distributed Programming Paradigm, University of Illinois, Report No. UIUCDCS-R-92-1766, Open Systems Laboratory TR No. 8, Nov. 1992, pp. 1-12. |
Ahmed et al., A Program Building Tool for Parallel Applications, Yale University, Dec. 1, 1993, pp. 1-23. |
Aldrich et al., "Providing Easier Access to Remote Objects in Client-Server Systems," System Sciences, 1998, Proceedings of the 31st Hawaii Internat'l. Conference, Jan. 6-9, 1998, pp. 366-375. |
Aldrich et al., "Providing Easier Access to Remote Objects in Distributed Systems," Calif. Institute of Technology, www.cs.caltech.edu/%7Ejedi/paper/jedipaper.html, Nov. 21, 1997. |
Alexander et al., "Active Bridging," Proceedings of the ACM/SIGCOMM'97 Conference, Cannes, France, Sep. 1997. |
Anderson et al., Persistent Linda: Linda+Transactions+Query Processing Proceedings of the 13th Symposium on Fault Tolerant Systems, 1994, pp. 93-109. |
Beech, et al., "Object Databases as Generalizations of Relational Databases," Computer Standards & Interfaces, vol. 13, Nos. 1/3, pp. 221-230, Amsterdam, NL, Jan. 1991. |
Bertino et al., "Object-Oriented Database Management Systems: Concepts and Issues," Computer, vol. 24, No. 4, pp. 33-47, Los Alamitos, CA, Apr. 1991. |
Betz, "Interoperable Objects: Laying the Foundation for Distributed Object Computing," Dr. Dobb's Journal, vol. 19, No. 11, p. 18(13), Oct. 1994. |
Bevan, "An Efficient Reference Counting Solution To The Distributed Garbage Collection Problem," Parallel Computing, NL, Elsevier Science Publishers, Amsterdam, vol. 9, No. 2, pp. 179-192, Jan. 1989. |
Birrell et al., Grapevine: An Exercise in Distributed Computing, Communications of the ACM, vol. 25, No. 4, Apr. 1982, pp. 260-274. |
Birrell et al., Network Objects, DEC SRC Research Report 115, Feb. 28, 1994. |
Birrell, Andrew D. and Nelson, Bruce Jay, "Implementing Remote Procedure Calls," ACM Transactions on Computer Systems, vol. 2, No. 1, pp. 39-59, Feb. 1984. |
Birrell, Andrew, et al., "Distributed Garbage Collection for Network Objects," Digital Systems Research Center, Dec. 15, 1993. |
Birrell, Andrew, et al., "Distributed Garbage Collection for Network Objects,"Digital Systems Research Center, No. 116, Dec. 15, 1993, pp. 1-18. |
Birrell, Andrew, et al., "Network Objects," Digital Equipment Corp. Systems Research Center Technical Report, 27(5), Dec. 1993, pp. 217-230. |
Birrell, Andrew, et al., "Network Objects," Digital Systems Research Center, Proceedings of the Fourteenth ACM Symposium on Operating Systems Principles, vol. 27, No. 5, pp. 217-230, Dec. 1993. |
Cannon et al., Adding Fault-Tolerant Transaction Processing to Linda, Software-Practice and Experience, vol. 24(5), May 1994, pp. 449-466. |
Cardelli, Obliq, A lightweight language for network objects, Nov. 5, 1993, pp. 1-37. |
Carriero et al, Distributed Data Structures in Linda, Yale Research Report YALEU/DCS/RR-438, Nov. 1985. |
Carriero et al., Distributed Data Structures in Linda, Principals of Programming Language, 1986, pp. 1-16. |
Cary G. Gray and David R. Cheriton, "Leases: An Efficient Fault-Tolerant Mechanism for Distributed File Cache Consistency", ACM (Association for Computing Machinery), pp. 202-210, 1989.* |
Chun, Kin-Man and Yuen, Herbert, "A "Tiny' Pascal Compiler: Part 2: The P-Compiler," BYTE Publications, Inc., pp. 34-52, Oct. 1978. |
Chung, Kin-Man and Yuen, Herbert, "A "Tiny ' Pascal Compiler: Part 2: The P-Compiler," BYTE Publications, Inc., Oct. 1978. |
Chung, Kin-Man and Yuen, Herbert, "A "Tiny' Pascal Compiler: Part 1: The P-Code Interpreter," BYTE Publications, Inc., pp. 58-155, Sep. 1978. |
Chung, Kin-Man and Yuen, Herbert, "A "Tiny' Pascal Compiler: the P-Code Interpreter," BYTE Publications, Inc., Sep. 1978. |
Coulouris et al., Distributed Systems Concepts and Designs, Second Edition, Addison-Wesley, 1994. |
Dave et al., "Proxies, Application Interface, And Distributed Systems," Proceedings International Workshop On Object Orientation In Operating Systems, pp. 212-220, Sep. 24, 1992. |
Dave et al., "Proxies, Application Interfaces, and Distributed Systems," XP 002009478, IEEE, Jan. 1992, pp.. 212-220. |
Deux et al., "The O2 System," Communications Of The Association For Computing Machinery, vol. 34, No. 10, pp. 34-48, Oct. 1, 1991. |
Dijkstra, Self-stabilizing Systems in Spite of Distributed Control, Communications of the ACM, vol. 17, No. 11, Nov. 1974, pp. 643-644. |
Dolev et al., On the Minimal Synchronism Needed for Distributed Consensus, Journal of the ACM, vol. 34, No. 1, Jan. 1987, pp. 77-97. |
Dollimore et al., "The Design of a System for Distributing Shared Objects," The Computer Journal, No. 6, Cambridge, GB, Dec. 1991. |
Dourish, A Divergence-Based Model of Synchrony and Distribution in Collaborative Systems, Xerox Technical Report EPC-1194-102, 1994, pp. 1-10. |
Droms, "RFC 1541 Dynamic Host Configuration Protocol," <http://www.cis.ohio-state.edu/htbin/rfc/rfc1541.html>, pp. 1-33, Oct. 1993. |
Emms, "A Definition Of An Access Control Systems Language," Computer Standards And Interfaces, vol. 6, No. 4, pp. 443-454, Jan. 1, 1987. |
Fleisch et al., "High Performance Distributed Objects Using Distributed Shared Memory & Remote Method Invocation," System Sciences, 1998, Proceedings of the 31st Hawaii Internat'l. Conference, Jan. 6-9, 1998, pp. 574-578. |
Gelernter et al., Parallel Programming in Linda, Yale University, Jan. 1985, pp. 1-21. |
Gelernter, Generative Communication in Linda, ACM Transactions on Programming Languages and Systems, vol. 7, No. 1, Jan. 1985, pp. 80-112. |
Gosling et al., "Java (TM) Language Specification," Addison-Wesley, Jan. 1996. |
Gottlob et al., "Extending Object-Oriented Systems with Roles," ACM Transactions On Information Systems, vol. 14, No. 3, pp. 268-296, Jul. 1996. |
Gray, Cary G. and Cheriton, David R., "Leases: An Efficient Fault-Tolerant Mechanism for Distributed File Cache Consistency," Computer Science Department, Stanford University, 1989. |
Gray, Cary G., Et al., "Leases An Efficient Fault-Tolerant Mechanism for Distributed File Cache Consistency," Computer Science Department, Stanford University, Jan. 1989, pp. 202-210. |
Guth, "JavaOne: Sun to Expand Java Distributed Computing Effort," <http://www.sunworld.com/swol-02-1998/swol-02-sunspots.html>, XP-002109935, p. 1, Feb. 20, 1998. |
Guyennet et al., "A New Consistency Protocol Implemented in the CAliF System," IEEE, 1094-7256/97, pp. 82-87, Jan. 1997. |
Guyennet et al., "Distributed Shared Memory Layer for Cooperative Work Applications," IEEE, 0742-1303/97, pp. 72-78, Jan. 1997. |
Hamilton et al., "Subcontract: A Flexible Base For Distributed Programming," Proceedings of 14th Symposium of Operating System Principles, Dec. 1993. |
Hamilton, Marc A., "Java and the Shift to Net-Centric Computing," Computer, pp. 31-39, Aug. 1996. |
Harris et al., Proposal for a General Java Proxy Class for Distributed Systems and Other Uses, Netscape Communications Corp., Jun. 25, 1997. |
Howard et al., Scale and Performance in a Distributed File System, ACM Transactions on Computer Systems, vol. 6, No. 1, Feb. 1988, pp. 51-81. |
Hunt, "IDF: A Graphical Data Flow Programming Language for Image Processing and Computer Vision," Proceedings of the International Conference on Systems, Man, and Cybernetics, pp. 351-360, Los Angeles, Nov. 4-7, 1990. |
IBM (TM) Technical Disclosure Bulletin, "Object Location Algorithm," vol. 36, No. 09B, pp. 257-258, Sep. 1993. |
IBM (TM) Technical Disclosure Bulletin, "Retrieval of Qualified Variables Using Extendible Hashing," vol. 36, No. 12, pp. 301-303, Dec. 1993. |
IBM Technical Disclosure Bulletin, "Local Network Monitoring to Populate Access Agent Directory," vol. 36, No. 09A, pp. 403-405, Sep. 1993. |
IBM Technical Disclosure Bulletin, Nov. 1973, vol. 16, No. 6, p. 1931. |
IBM, "Chapter 6-Distributed SOM (DSOM)," SOMobjects Developer Toolkit Users Guide, Version 2.1, p. 6-1-6-90, Oct. 1994. |
Jaworski, Java 1.1 Developer's Guide, Sams.net, 1997. |
Jones, Richard, et al., "Garbage Collection: Algorithms for Automatic Dynamic Memory Management," John Wiley & Sons, Jan. 1996. |
K.Eric Drexler et al.,"Incentive Engineering for Computational Resource Management," The Ecology of Computation, Elsevier Science Publishers B.V. (North Holland), Jan. 1988. |
Kambhatla et al., Recovery with Limited Replay: Fault-Tolerant Processes in Linda, Oregon Graduate Institute, Technical Report CSIE 90-019, Sep. 1990, pp. 1-16. |
Kay et al., "An Overview of the Raleigh Object-Oriented Database System," ICL Technical Journal, vol. 7, No. 4, pp. 780-798, Oxford, GB, Nov. 1991. |
Kougiouris et al., "Support for Space Efficient Object Invocation in Spring," Sep. 1994. |
Krasner, The Smalltalk-80 Virtual Machine, BYTE Publications Inc., Aug. 1991, pp. 300-320. |
Lamport et al., The Byzantine Generals Problem, ACM Transactions on Programming Languages and Systems, vol. 4, No. 3, Jul. 1982, pp. 382-401. |
lINDA Database Search, Jul. 20, 1995, pp. 1-68. |
Lindholm et al., "The Java (TM) Virtual Machine Specification," Addison Wesley, Jan. 1996. |
Liskov et al., Distributed Object Management in Thor, International Workshop on Distributed Object Management, 1992, pp. 12. |
McDaniel, Gene, "An Analysis of a Mesa Instruction Set," Xerox Corporation, May 1982. |
McDaniel, Gene, "An Analysis of a Mesa Instruction Set," Xerox Corporation, Palo Alto Research Centers, May 1982. |
Mitchell et al., "An Overview of the Spring System," Feb. 1994. |
Mitchell, James G., et al., "Mesa Language Manual," Xerox Corporation, Palo Alto Research Centers. |
Mitchell, James G., Maybury, William, and Sweet, Richard, Mesa Language Manual, Xerox Corporation, no date. |
Mullender, Distributed Systems, Second Edition, Addison-Wesley, 1993. |
Mummert et al., Long Term Distributed File Reference Tracing: Implementation and Experience, Carnegie Mellon University School of Computer Science, Nov. 1994, pp. 1-28. |
MUX-Elektronik, Java 1.1 Interactive Course, www.lls.se/~mux/javaic.html, Jan. 1995. |
MUX-Elektronik, Java 1.1 Interactive Course, www.lls.se/˜mux/javaic.html, Jan. 1995. |
Orfali et al., "The Essential Distributed Objects Survival Guide," Chapter 11: Corba Commercial ORBs, pp. 203-215, John Wiley & Sons, Inc., Jan. 1996. |
Ousterhout et al., The Sprite Network Operating System, Computer, IEEE, Feb. 1988, pp. 23-26. |
Pier, Kenneth A., "A Retrospective on the Dorado, A High-Performance Personal Computer," Conference Proceedings, The 10th Annual International Symposium on Computer Architecture, Royal Institute of Technology, Stockholm, Sweden, 1983. |
Pier, Kenneth A., "A Retrospective on the Dorado, A High-Performance Personal Computer," Xerox Corporation, Palo Alto Research Centers, Aug. 1983. |
Pier, Kenneth A., "A Retrospective on the Dorando, A High-Performance Personal Computer," IEEE Conference Proceedings, The 10th Annual International Symposium on Computer Architecture, Jan. 1983. |
Pier, Kenneth A., "A Retrospective on the Dorando, A High-Performance Personal Computer," Xerox Corporation, Aug. 1983. |
Pinakis, Using Linda as the Basis of an Operating System Microkernel, University of Western Australia, Department of Computer Science, Aug. 1993, pp. 1-165. |
Remote Method Invocation Specification, Sun Microsystems, Inc., (1997), http://java.sun.com/products/jdk/1.1/docs/guide/rmi/spec/rmiTOC.doc.html. |
Riggs et al., "Pickling State in the Java (TM) System," USENIX Association Conference on Object-Oriented Technologies and Systems, XP-002112719, pp. 241-250, Jun. 17-21, 1996. |
Rosenberry et al., "Understanding DCE," Chapters 1-3, 6, 1992. |
Sharrott et al., ObjectMap: Integrating High Performance Resources into a Distributed Object-oriented Environment, ICODP, 1995. |
Stevenson, "Token-Based Consistency of Replicated Servers," IEEE, CH2686-4/89/0000/0179, pp. 179-183, Jan. 1989. |
Thompson, Ken, "Regular Expression Search Algorithm," Communications of the ACM, vol. II, No. 6, p. 149 et seq., Jun. 1968. |
Thompson, Ken, "Regular Expression Search Algorithm," Programming Techniques, Communications of the ACM, vol. 11, No. 6, pp. 419-422, Jun., 1968. |
Transparent Network Computing, Locus Computing Corporation, Jan. 5, 1995. |
Waldo et al., "Events In An RPC Based Distributed System," Proceedings Of The 1995 USENIX Technical Conference, Proceedings USENIX Winter 1995 Technical Conference, New Orleans, LA, USA, 16-20, pp. 131-142, Jan. 1995. |
Wilson, P.R., et al., "Design of the Opportunistic Garbage Collector," Proceedings of the Object Oriented Programming Systems Languages An Applications Conference, New Orleans, vol. 24, No. 10, Oct. 1989. |
Wollrath et al., A Distributed Object Model for the Java(TM) System, USENIX Association, Conference on Object-Oriented Technologies and Systems, Jun. 17-21, 1996. |
Wollrath et al., A Distributed Object Model for the Java™ System, USENIX Association, Conference on Object-Oriented Technologies and Systems, Jun. 17-21, 1996. |
Wu, "A Type System For An Object-Oriented Database System," Proceedings of the International Computer Software and Applications Conference (COMPSAC), Tokyo, Japan, pp. 333-338, Sep. 11-13, 1991. |
Yemini et al., "Towards Programmable Networks," IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, L'Aquila, Italy, Oct. 1996. |
Cited By (73)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6792424B1 (en) * | 1999-04-23 | 2004-09-14 | International Business Machines Corporation | System and method for managing authentication and coherency in a storage area network |
US20020078213A1 (en) * | 2000-12-15 | 2002-06-20 | Ching-Jye Chang | Method and system for management of resource leases in an application framework system |
US6950874B2 (en) * | 2000-12-15 | 2005-09-27 | International Business Machines Corporation | Method and system for management of resource leases in an application framework system |
US9413817B2 (en) | 2001-03-14 | 2016-08-09 | Microsoft Technology Licensing, Llc | Executing dynamically assigned functions while providing services |
US9460421B2 (en) | 2001-03-14 | 2016-10-04 | Microsoft Technology Licensing, Llc | Distributing notifications to multiple recipients via a broadcast list |
US8572576B2 (en) | 2001-03-14 | 2013-10-29 | Microsoft Corporation | Executing dynamically assigned functions while providing services |
US20040181530A1 (en) * | 2001-08-29 | 2004-09-16 | Smith Lawrence T. | Distributed networking system for resource-constrained computing devices |
US20030065577A1 (en) * | 2001-10-03 | 2003-04-03 | International Business Machines Corporation | Method for purging abandoned shopping carts from an electronic commerce web site |
US7047213B2 (en) | 2001-10-03 | 2006-05-16 | International Business Machines Corporation | Method for purging abandoned shopping carts from an electronic commerce web site |
US7191195B2 (en) * | 2001-11-28 | 2007-03-13 | Oki Electric Industry Co., Ltd. | Distributed file sharing system and a file access control method of efficiently searching for access rights |
US20030101200A1 (en) * | 2001-11-28 | 2003-05-29 | Noritaka Koyama | Distributed file sharing system and a file access control method of efficiently searching for access rights |
US7367044B2 (en) | 2002-06-14 | 2008-04-29 | Clink Systems, Ltd. | System and method for network operation |
US20090019524A1 (en) * | 2002-06-14 | 2009-01-15 | Stephan Fowler | System and method for network operation |
US20030233541A1 (en) * | 2002-06-14 | 2003-12-18 | Stephan Fowler | System and method for network operation |
US9886309B2 (en) | 2002-06-28 | 2018-02-06 | Microsoft Technology Licensing, Llc | Identity-based distributed computing for device resources |
SG110048A1 (en) * | 2002-06-28 | 2005-04-28 | Microsoft Corp | Identity-based distributed computing for device resources |
EP1376977A3 (en) * | 2002-06-28 | 2004-01-14 | Microsoft Corporation | Identity-based distributed computing for device resources |
EP1376977A2 (en) * | 2002-06-28 | 2004-01-02 | Microsoft Corporation | Identity-based distributed computing for device resources |
CN100465939C (en) * | 2002-06-28 | 2009-03-04 | 微软公司 | Identity-based distributed computing system suitable for device resource |
US20040003112A1 (en) * | 2002-06-28 | 2004-01-01 | Microsoft Corporation | Identity-based distributed computing for device resources |
US20040111608A1 (en) * | 2002-12-05 | 2004-06-10 | Microsoft Corporation | Secure recovery in a serverless distributed file system |
US7428751B2 (en) * | 2002-12-05 | 2008-09-23 | Microsoft Corporation | Secure recovery in a serverless distributed file system |
US20090019288A1 (en) * | 2002-12-05 | 2009-01-15 | Microsoft Corporation | Secure recovery in a serverless distributed file system |
US8205090B2 (en) | 2002-12-05 | 2012-06-19 | Microsoft Corporation | Secure recovery in a serverless distributed file system |
US8166101B2 (en) | 2003-08-21 | 2012-04-24 | Microsoft Corporation | Systems and methods for the implementation of a synchronization schemas for units of information manageable by a hardware/software interface system |
US8238696B2 (en) | 2003-08-21 | 2012-08-07 | Microsoft Corporation | Systems and methods for the implementation of a digital images schema for organizing units of information manageable by a hardware/software interface system |
US8041904B2 (en) | 2004-05-03 | 2011-10-18 | Microsoft Corporation | Non-volatile memory cache performance improvement |
US9405693B2 (en) | 2004-05-03 | 2016-08-02 | Microsoft Technology Licensing, Llc | Non-volatile memory cache performance improvement |
US20050262378A1 (en) * | 2004-05-03 | 2005-11-24 | Microsoft Corporation | Systems and methods for automatic maintenance and repair of enitites in a data model |
US20100077197A1 (en) * | 2004-05-03 | 2010-03-25 | Microsoft Corporation | Non-volatile memory cache performance improvement |
US7366740B2 (en) * | 2004-05-03 | 2008-04-29 | Microsoft Corporation | Systems and methods for automatic maintenance and repair of enitites in a data model |
US10216637B2 (en) | 2004-05-03 | 2019-02-26 | Microsoft Technology Licensing, Llc | Non-volatile memory cache performance improvement |
US8255645B2 (en) | 2004-05-03 | 2012-08-28 | Microsoft Corporation | Non-volatile memory cache performance improvement |
US8909861B2 (en) | 2004-10-21 | 2014-12-09 | Microsoft Corporation | Using external memory devices to improve system performance |
US9690496B2 (en) | 2004-10-21 | 2017-06-27 | Microsoft Technology Licensing, Llc | Using external memory devices to improve system performance |
US9317209B2 (en) | 2004-10-21 | 2016-04-19 | Microsoft Technology Licensing, Llc | Using external memory devices to improve system performance |
US20070094272A1 (en) * | 2005-10-20 | 2007-04-26 | Wen-Hsi Yeh | Method and system for managing distributed storage of digital contents |
US20090276860A1 (en) * | 2005-11-02 | 2009-11-05 | Naohide Miyabashi | Method of protecting confidential file and confidential file protecting system |
US9529716B2 (en) | 2005-12-16 | 2016-12-27 | Microsoft Technology Licensing, Llc | Optimizing write and wear performance for a memory |
US11334484B2 (en) | 2005-12-16 | 2022-05-17 | Microsoft Technology Licensing, Llc | Optimizing write and wear performance for a memory |
US8914557B2 (en) | 2005-12-16 | 2014-12-16 | Microsoft Corporation | Optimizing write and wear performance for a memory |
US20100287180A1 (en) * | 2006-02-21 | 2010-11-11 | Electronics And Telecommunications Research Institute | Apparatus and Method for Issuing Certificate with User's Consent |
US20110173614A1 (en) * | 2006-03-07 | 2011-07-14 | Oracle America, Inc. | Method and system for provisioning a virtual computer and scheduling resources of the provisioned virtual computer |
US8341629B2 (en) * | 2006-03-07 | 2012-12-25 | Oracle International Corporation | Method and system for provisioning a virtual computer and scheduling resources of the provisioned virtual computer |
US8185960B1 (en) | 2006-07-27 | 2012-05-22 | Qlogic, Corporation | System and method for managing access to adapter features |
US20090063240A1 (en) * | 2007-08-30 | 2009-03-05 | Oracle International Corporation | Routing transactions in a multiple job environment using an approval framework |
US20090064280A1 (en) * | 2007-09-05 | 2009-03-05 | Oracle International Corporation | Framework for delegating roles in human resources erp systems |
US8321919B2 (en) * | 2007-09-05 | 2012-11-27 | Oracle International Corp. | Framework for delegating roles in human resources ERP systems |
US8631203B2 (en) | 2007-12-10 | 2014-01-14 | Microsoft Corporation | Management of external memory functioning as virtual cache |
US20110173423A1 (en) * | 2008-02-01 | 2011-07-14 | Arimilli Ravi K | Look-Ahead Hardware Wake-and-Go Mechanism |
US20090199184A1 (en) * | 2008-02-01 | 2009-08-06 | Arimilli Ravi K | Wake-and-Go Mechanism With Software Save of Thread State |
US20090204612A1 (en) * | 2008-02-12 | 2009-08-13 | Bae Systems Information And Electronic Systems Integration Inc. | Apparatus and method for dynamic web service discovery |
US7987163B2 (en) | 2008-02-12 | 2011-07-26 | Bae Systems Information And Electronic Systems Integration Inc. | Apparatus and method for dynamic web service discovery |
US8402508B2 (en) * | 2008-04-02 | 2013-03-19 | Microsoft Corporation | Delegated authentication for web services |
US20090254978A1 (en) * | 2008-04-02 | 2009-10-08 | Microsoft Corporation | Delegated authentication for web services |
US9032151B2 (en) | 2008-09-15 | 2015-05-12 | Microsoft Technology Licensing, Llc | Method and system for ensuring reliability of cache data and metadata subsequent to a reboot |
US10387313B2 (en) | 2008-09-15 | 2019-08-20 | Microsoft Technology Licensing, Llc | Method and system for ensuring reliability of cache data and metadata subsequent to a reboot |
US8489815B2 (en) | 2008-09-15 | 2013-07-16 | Microsoft Corporation | Managing cache data and metadata |
US9448890B2 (en) | 2008-09-19 | 2016-09-20 | Microsoft Technology Licensing, Llc | Aggregation of write traffic to a data store |
US9361183B2 (en) | 2008-09-19 | 2016-06-07 | Microsoft Technology Licensing, Llc | Aggregation of write traffic to a data store |
US10509730B2 (en) | 2008-09-19 | 2019-12-17 | Microsoft Technology Licensing, Llc | Aggregation of write traffic to a data store |
US10320858B2 (en) | 2009-07-23 | 2019-06-11 | International Business Machines Corporation | Event triggered notifications for collaborative processes |
US20110022662A1 (en) * | 2009-07-23 | 2011-01-27 | International Business Machines Corporation | Event triggered notifications for collaborative processes |
US9813460B2 (en) | 2009-07-23 | 2017-11-07 | International Business Machines Corporation | Event triggered notifications for collaborative processes |
US10015211B2 (en) | 2009-07-23 | 2018-07-03 | International Business Machines Corporation | Event triggered notifications for collaborative processes |
US9426227B2 (en) | 2012-02-16 | 2016-08-23 | Citrix Systems, Inc. | Connection leasing for hosted services |
US9800669B2 (en) | 2012-02-16 | 2017-10-24 | Citrix Systems, Inc. | Connection leasing for hosted services |
US8990898B2 (en) | 2012-02-16 | 2015-03-24 | Citrix Systems, Inc. | Connection leasing for hosted services |
US20150347743A1 (en) * | 2014-05-30 | 2015-12-03 | Apple Inc. | Method and apparatus for inter process privilige transfer |
US10162727B2 (en) | 2014-05-30 | 2018-12-25 | Apple Inc. | Activity tracing diagnostic systems and methods |
US10430577B2 (en) * | 2014-05-30 | 2019-10-01 | Apple Inc. | Method and apparatus for inter process privilige transfer |
US9923896B2 (en) * | 2014-11-24 | 2018-03-20 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Providing access to a restricted resource via a persistent authenticated device network |
US20160149881A1 (en) * | 2014-11-24 | 2016-05-26 | Lenovo Enterprise Solutions (Singapore) Pte.Ltd. | Providing access to a restricted resource via a persistent authenticated device network |
Also Published As
Publication number | Publication date |
---|---|
EP1062580A1 (en) | 2000-12-27 |
WO1999044130A1 (en) | 1999-09-02 |
AU3297299A (en) | 1999-09-15 |
KR20010041296A (en) | 2001-05-15 |
JP2002505470A (en) | 2002-02-19 |
CN1298509A (en) | 2001-06-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6247026B1 (en) | Method, apparatus, and product for leasing of delegation certificates in a distributed system | |
US6263350B1 (en) | Method and system for leasing storage | |
US6564240B2 (en) | Method, apparatus, and product for leasing of group membership in a distributed system | |
US6499049B2 (en) | Lease renewal service | |
US6728737B2 (en) | Method and system for leasing storage | |
EP1057105B1 (en) | Method and system for leasing storage | |
EP1057106B1 (en) | Method, apparatus, and product for leasing of group membership in a distributed system | |
WO1999044128A1 (en) | Leasing for failure detection | |
KR20010041228A (en) | Method and system for leasing storage |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: SUN MICROSYSTEMS, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:WALDO, JAMES H.;WOLLRATH, ANN M.;SCHEIFLER, ROBERT;REEL/FRAME:009346/0757;SIGNING DATES FROM 19980717 TO 19980720 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
FPAY | Fee payment |
Year of fee payment: 8 |
|
FPAY | Fee payment |
Year of fee payment: 12 |